public class GlobusGSSContextImpl extends Object implements ExtendedGSSContext
Modifier and Type | Field and Description |
---|---|
protected Boolean |
acceptNoClientCerts |
protected boolean |
anonymity |
protected BouncyCastleCertProcessingFactory |
certFactory |
protected Boolean |
checkContextExpiration |
protected boolean |
conn |
protected boolean |
credentialDelegation |
protected GlobusGSSCredentialImpl |
ctxCred
Credential of this context.
|
protected ExtendedGSSCredential |
delegatedCred
Credential delegated using delegation API
|
protected boolean |
delegationFinished
Delegation finished indicator
|
protected int |
delegationState
Delegation state
|
protected GSIConstants.DelegationType |
delegationType |
protected ExtendedGSSCredential |
delegCred
Credential delegated during context establishment
|
protected boolean |
encryption |
protected boolean |
established |
protected GSSName |
expectedTargetName
Expected target name.
|
protected Boolean |
forceSSLv3AndConstrainCipherSuitesForGram |
protected Date |
goodUntil
Context expiration date.
|
static int |
GSI_WRAP
Used to distinguish between a token created by
wrap with GSSConstants.GSI_BIG
QoP and a regular token created by wrap . |
protected Integer |
gssMode |
protected KeyPair |
keyPair
Used during delegation
|
protected Boolean |
peerLimited
Limited peer credentials
|
protected Map |
proxyPolicyHandlers |
protected Boolean |
rejectLimitedProxy |
protected Boolean |
requireAuthzWithDelegation |
protected Boolean |
requireClientAuth |
protected int |
role
Context role
|
protected GSSName |
sourceName
The name of the context initiator
|
protected SSLConfigurator |
sslConfigurator |
protected SSLContext |
sslContext |
protected SSLEngine |
sslEngine |
protected int |
state
Handshake state
|
protected GSSName |
targetName
The name of the context acceptor
|
protected TrustedCertificates |
tc |
DEFAULT_LIFETIME, INDEFINITE_LIFETIME
Constructor and Description |
---|
GlobusGSSContextImpl(GSSName target,
GlobusGSSCredentialImpl cred) |
Modifier and Type | Method and Description |
---|---|
byte[] |
acceptDelegation(int lifetime,
byte[] buf,
int off,
int len)
Accept a delegated credential.
|
byte[] |
acceptSecContext(byte[] inBuff,
int off,
int len)
This function drives the accepting side of the context establishment
process.
|
void |
acceptSecContext(InputStream in,
OutputStream out)
It works just like
acceptSecContext
method. |
protected void |
checkContext() |
void |
dispose() |
byte[] |
export()
Currently not implemented.
|
protected byte[] |
generateCertRequest(X509Certificate cert) |
boolean |
getAnonymityState() |
boolean |
getConfState() |
boolean |
getCredDelegState() |
GSSCredential |
getDelegatedCredential()
Returns the delegated credential that was delegated using
the
initDelegation and acceptDelegation
functions. |
GSSCredential |
getDelegCred() |
boolean |
getIntegState() |
int |
getLifetime() |
Oid |
getMech() |
byte[] |
getMIC(byte[] inBuf,
int off,
int len,
MessageProp prop)
Returns a cryptographic MIC (message integrity check)
of a specified message.
|
void |
getMIC(InputStream inStream,
OutputStream outStream,
MessageProp msgProp)
Currently not implemented.
|
boolean |
getMutualAuthState() |
Object |
getOption(Oid option)
Gets a context option.
|
boolean |
getReplayDetState() |
boolean |
getSequenceDetState() |
GSSName |
getSrcName() |
GSSName |
getTargName() |
int |
getWrapSizeLimit(int qop,
boolean confReq,
int maxTokenSize)
Currently not implemented.
|
byte[] |
initDelegation(GSSCredential credential,
Oid mechanism,
int lifetime,
byte[] buf,
int off,
int len)
Initiate the delegation of a credential.
|
byte[] |
initSecContext(byte[] inBuff,
int off,
int len)
This function drives the initiating side of the context establishment
process.
|
int |
initSecContext(InputStream in,
OutputStream out)
It works just like
initSecContext method. |
Object |
inquireByOid(Oid oid)
Retrieves arbitrary data about this context.
|
boolean |
isDelegationFinished()
Used during delegation to determine the state of the delegation.
|
boolean |
isEstablished() |
boolean |
isInitiator() |
boolean |
isProtReady() |
boolean |
isTransferable()
Currently not implemented.
|
void |
requestAnonymity(boolean state) |
void |
requestConf(boolean state) |
void |
requestCredDeleg(boolean state) |
void |
requestInteg(boolean state) |
void |
requestLifetime(int lifetime) |
void |
requestMutualAuth(boolean state) |
void |
requestReplayDet(boolean state) |
void |
requestSequenceDet(boolean state) |
protected void |
setAcceptNoClientCerts(Object value) |
void |
setBannedCiphers(String[] ciphers)
Specifies a list of ciphers that will not be used.
|
void |
setChannelBinding(ChannelBinding cb)
Currently not implemented.
|
protected void |
setCheckContextExpired(Object value) |
protected void |
setDelegationType(Object value) |
protected void |
setForceSslV3AndConstrainCipherSuitesForGram(Object value) |
protected void |
setGssMode(Object value) |
void |
setOption(Oid option,
Object value)
Sets a context option.
|
protected void |
setProxyPolicyHandlers(Object value) |
protected void |
setRejectLimitedProxy(Object value) |
protected void |
setRequireAuthzWithDelegation(Object value) |
protected void |
setRequireClientAuth(Object value) |
protected void |
setTrustedCertificates(Object value) |
byte[] |
unwrap(byte[] inBuf,
int off,
int len,
MessageProp prop)
Unwraps a token generated by
wrap method on the other side of the context. |
void |
unwrap(InputStream inStream,
OutputStream outStream,
MessageProp msgProp)
Currently not implemented.
|
protected void |
verifyDelegatedCert(X509Certificate certificate) |
void |
verifyMIC(byte[] inTok,
int tokOff,
int tokLen,
byte[] inMsg,
int msgOff,
int msgLen,
MessageProp prop)
Verifies a cryptographic MIC (message integrity check)
of a specified message.
|
void |
verifyMIC(InputStream tokStream,
InputStream msgStream,
MessageProp msgProp)
Currently not implemented.
|
byte[] |
wrap(byte[] inBuf,
int off,
int len,
MessageProp prop)
Wraps a message for integrity and protection.
|
void |
wrap(InputStream inStream,
OutputStream outStream,
MessageProp msgProp)
Currently not implemented.
|
public static final int GSI_WRAP
wrap
with GSSConstants.GSI_BIG
QoP and a regular token created by wrap
.protected int state
protected int delegationState
protected ExtendedGSSCredential delegatedCred
protected boolean delegationFinished
protected boolean credentialDelegation
protected boolean anonymity
protected boolean encryption
protected boolean established
protected GSSName sourceName
protected GSSName targetName
protected int role
protected ExtendedGSSCredential delegCred
protected GSIConstants.DelegationType delegationType
protected Integer gssMode
protected Boolean checkContextExpiration
protected Boolean rejectLimitedProxy
protected Boolean requireClientAuth
protected Boolean acceptNoClientCerts
protected Boolean requireAuthzWithDelegation
protected Boolean forceSSLv3AndConstrainCipherSuitesForGram
protected GlobusGSSCredentialImpl ctxCred
protected GSSName expectedTargetName
protected Date goodUntil
protected SSLConfigurator sslConfigurator
protected SSLContext sslContext
protected SSLEngine sslEngine
protected boolean conn
protected BouncyCastleCertProcessingFactory certFactory
protected KeyPair keyPair
protected TrustedCertificates tc
protected Map proxyPolicyHandlers
protected Boolean peerLimited
public GlobusGSSContextImpl(GSSName target, GlobusGSSCredentialImpl cred) throws GSSException
target
- expected target name. Can be null.cred
- credential. Cannot be null. Might be anonymous.GSSException
public byte[] acceptSecContext(byte[] inBuff, int off, int len) throws GSSException
initSecContext
function.
GSSConstants.GSS_MODE
and GSSConstants.REJECT_LIMITED_PROXY
context options. If the
GSSConstants.GSS_MODE
option is set to
GSIConstants.MODE_SSL
the context establishment process will be compatible with regular SSL
(no credential delegation support). If the option is set to
GSIConstants.MODE_GSI
credential delegation during context establishment process will be accepted.
If the GSSConstants.REJECT_LIMITED_PROXY
option is enabled, a peer
presenting limited proxy credential will be automatically
rejected and the context establishment process will be aborted.acceptSecContext
in interface GSSContext
GSSException
public byte[] initSecContext(byte[] inBuff, int off, int len) throws GSSException
acceptSecContext
function.
GSSConstants.GSS_MODE
,
GSSConstants.DELEGATION_TYPE
, and
GSSConstants.REJECT_LIMITED_PROXY
context options. If the GSSConstants.GSS_MODE
option is set to GSIConstants.MODE_SSL
the context establishment process will be compatible with regular SSL
(no credential delegation support). If the option is set to
GSIConstants.GSS_MODE_GSI
credential delegation during context establishment process will performed.
The delegation type to be performed can be set using the
GSSConstants.DELEGATION_TYPE
context option. If the GSSConstants.REJECT_LIMITED_PROXY
option is enabled,
a peer presenting limited proxy credential will be automatically
rejected and the context establishment process will be aborted.initSecContext
in interface GSSContext
GSSException
public byte[] wrap(byte[] inBuf, int off, int len, MessageProp prop) throws GSSException
wrap
in interface GSSContext
GSSException
public byte[] unwrap(byte[] inBuf, int off, int len, MessageProp prop) throws GSSException
wrap
method on the other side of the context.unwrap
in interface GSSContext
GSSException
public void dispose() throws GSSException
dispose
in interface GSSContext
GSSException
public boolean isEstablished()
isEstablished
in interface GSSContext
public void requestCredDeleg(boolean state) throws GSSException
requestCredDeleg
in interface GSSContext
GSSException
public boolean getCredDelegState()
getCredDelegState
in interface GSSContext
public boolean isInitiator() throws GSSException
isInitiator
in interface GSSContext
GSSException
public boolean isProtReady()
isProtReady
in interface GSSContext
public void requestLifetime(int lifetime) throws GSSException
requestLifetime
in interface GSSContext
GSSException
public int getLifetime()
getLifetime
in interface GSSContext
public Oid getMech() throws GSSException
getMech
in interface GSSContext
GSSException
public GSSCredential getDelegCred() throws GSSException
getDelegCred
in interface GSSContext
GSSException
public void requestConf(boolean state) throws GSSException
requestConf
in interface GSSContext
GSSException
public boolean getConfState()
getConfState
in interface GSSContext
public byte[] getMIC(byte[] inBuf, int off, int len, MessageProp prop) throws GSSException
getMIC
in interface GSSContext
GSSException
public void verifyMIC(byte[] inTok, int tokOff, int tokLen, byte[] inMsg, int msgOff, int msgLen, MessageProp prop) throws GSSException
verifyMIC
in interface GSSContext
GSSException
public int initSecContext(InputStream in, OutputStream out) throws GSSException
initSecContext
method.
It reads one SSL token from input stream, calls
initSecContext
method and
writes the output token to the output stream (if any)
SSL token is not read on the initial call.initSecContext
in interface GSSContext
GSSException
public void acceptSecContext(InputStream in, OutputStream out) throws GSSException
acceptSecContext
method. It reads one SSL token from input stream, calls
acceptSecContext
method and writes the output token to the output stream (if any)acceptSecContext
in interface GSSContext
GSSException
public GSSName getSrcName() throws GSSException
getSrcName
in interface GSSContext
GSSException
public GSSName getTargName() throws GSSException
getTargName
in interface GSSContext
GSSException
public void requestInteg(boolean state) throws GSSException
requestInteg
in interface GSSContext
GSSException
public boolean getIntegState()
getIntegState
in interface GSSContext
public void requestSequenceDet(boolean state) throws GSSException
requestSequenceDet
in interface GSSContext
GSSException
public boolean getSequenceDetState()
getSequenceDetState
in interface GSSContext
public void requestReplayDet(boolean state) throws GSSException
requestReplayDet
in interface GSSContext
GSSException
public boolean getReplayDetState()
getReplayDetState
in interface GSSContext
public void requestAnonymity(boolean state) throws GSSException
requestAnonymity
in interface GSSContext
GSSException
public boolean getAnonymityState()
getAnonymityState
in interface GSSContext
public void requestMutualAuth(boolean state) throws GSSException
requestMutualAuth
in interface GSSContext
GSSException
public boolean getMutualAuthState()
getMutualAuthState
in interface GSSContext
protected byte[] generateCertRequest(X509Certificate cert) throws GeneralSecurityException
GeneralSecurityException
protected void verifyDelegatedCert(X509Certificate certificate) throws GeneralSecurityException
GeneralSecurityException
protected void checkContext() throws GSSException
GSSException
protected void setGssMode(Object value) throws GSSException
GSSException
protected void setDelegationType(Object value) throws GSSException
GSSException
protected void setCheckContextExpired(Object value) throws GSSException
GSSException
protected void setRejectLimitedProxy(Object value) throws GSSException
GSSException
protected void setRequireClientAuth(Object value) throws GSSException
GSSException
protected void setRequireAuthzWithDelegation(Object value) throws GSSException
GSSException
protected void setAcceptNoClientCerts(Object value) throws GSSException
GSSException
protected void setForceSslV3AndConstrainCipherSuitesForGram(Object value) throws GSSException
GSSException
protected void setProxyPolicyHandlers(Object value) throws GSSException
GSSException
protected void setTrustedCertificates(Object value) throws GSSException
GSSException
public void setOption(Oid option, Object value) throws GSSException
ExtendedGSSContext
setOption
in interface ExtendedGSSContext
option
- option type.value
- option value.GSSException
- containing the following major error codes:
GSSException.FAILURE
public Object getOption(Oid option) throws GSSException
ExtendedGSSContext
getOption
in interface ExtendedGSSContext
option
- option type.GSSException
- containing the following major error codes:
GSSException.FAILURE
public byte[] initDelegation(GSSCredential credential, Oid mechanism, int lifetime, byte[] buf, int off, int len) throws GSSException
acceptDelegation
function.
GSSConstants.DELEGATION_TYPE
and
GSSConstants.GSS_MODE
context
options.
The GSSConstants.DELEGATION_TYPE
option controls delegation type to be performed. The
GSSConstants.GSS_MODE
option if set to
GSIConstants.MODE_SSL
results in tokens that are not wrapped.initDelegation
in interface ExtendedGSSContext
credential
- The credential to be delegated. May be null
in which case the credential associated with the security
context is used.mechanism
- The desired security mechanism. May be null.lifetime
- The requested period of validity (seconds) of the delegated
credential.acceptDelegation
if
isDelegationFinished
returns false. May be null.GSSException
- containing the following major error codes:
GSSException.FAILURE
public byte[] acceptDelegation(int lifetime, byte[] buf, int off, int len) throws GSSException
initDelegation
function.
GSSConstants.GSS_MODE
context
option. The
GSSConstants.GSS_MODE
option if set to
GSIConstants.MODE_SSL
results in tokens that are not wrapped.acceptDelegation
in interface ExtendedGSSContext
lifetime
- The requested period of validity (seconds) of the delegated
credential.initDelegation
if
isDelegationFinished
returns false. May be null.GSSException
- containing the following major error codes:
GSSException.FAILURE
public GSSCredential getDelegatedCredential()
ExtendedGSSContext
initDelegation
and acceptDelegation
functions. This is to be called on the delegation accepting
side once once isDelegationFinished
returns true.getDelegatedCredential
in interface ExtendedGSSContext
public boolean isDelegationFinished()
ExtendedGSSContext
isDelegationFinished
in interface ExtendedGSSContext
public Object inquireByOid(Oid oid) throws GSSException
GSSConstants.X509_CERT_CHAIN
returns certificate chain of the peer (X509Certificate[]
).
inquireByOid
in interface ExtendedGSSContext
oid
- the oid of the information desired.GSSException
- containing the following major error codes:
GSSException.FAILURE
public void setBannedCiphers(String[] ciphers)
ExtendedGSSContext
setBannedCiphers
in interface ExtendedGSSContext
ciphers
- The list of banned ciphers.public int getWrapSizeLimit(int qop, boolean confReq, int maxTokenSize) throws GSSException
getWrapSizeLimit
in interface GSSContext
GSSException
public void wrap(InputStream inStream, OutputStream outStream, MessageProp msgProp) throws GSSException
wrap
in interface GSSContext
GSSException
public void unwrap(InputStream inStream, OutputStream outStream, MessageProp msgProp) throws GSSException
unwrap
in interface GSSContext
GSSException
public void getMIC(InputStream inStream, OutputStream outStream, MessageProp msgProp) throws GSSException
getMIC
in interface GSSContext
GSSException
public void verifyMIC(InputStream tokStream, InputStream msgStream, MessageProp msgProp) throws GSSException
verifyMIC
in interface GSSContext
GSSException
public void setChannelBinding(ChannelBinding cb) throws GSSException
setChannelBinding
in interface GSSContext
GSSException
public boolean isTransferable() throws GSSException
isTransferable
in interface GSSContext
GSSException
public byte[] export() throws GSSException
export
in interface GSSContext
GSSException
Copyright © 2016. All rights reserved.