Interface ExtendedGSSContext

  • All Superinterfaces:
    org.ietf.jgss.GSSContext
    All Known Implementing Classes:
    GlobusGSSContextImpl

    public interface ExtendedGSSContext
    extends org.ietf.jgss.GSSContext
    Defines the Java API for setting and getting context options and for the delegation extensions defined in the GSS-API Extensions document. Some of the functions might not take all of the parameters specified in that document.

    Notes:
    • Extensions are not supported in initDelegation and acceptDelegation

    Here is sample code showing how the delegation API might be used:
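     // Both contexts must already be established before delegation starts.
     ExtendedGSSContext client = ....
     ExtendedGSSContext server = ....
    
     byte[] input = new byte[0];
     byte[] output = null;
     // Exchange tokens until the initiating side reports completion.
     do {
                output = client.initDelegation(null, null, 0, input, 0, input.length);
                input = server.acceptDelegation(0, output, 0, output.length);
     } while (!client.isDelegationFinished());
    
     // The accepting side now holds the delegated credential.
     GSSCredential cred = server.getDelegatedCredential();
     ...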
     
    Because delegation can be performed multiple times on the same contexts, the do { ... } while (); block should be used so that the delegation state is properly reset. (The state of isDelegationFinished is reset on the initial call to initDelegation or acceptDelegation.)
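
    The same exchange with the failure cases handled, as an added example that is not part of the library or its documentation. DelegationExchange, delegate, fail and maxRounds are hypothetical names, the org.gridforum.jgss package name does not appear on this page, and the final lifetime check is a policy chosen for the example:

```java
import org.gridforum.jgss.ExtendedGSSContext; // package name is not shown on this page
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSException;

/** Added example: hypothetical helper, not part of the library. */
public final class DelegationExchange {
    private DelegationExchange() {}

    private static GSSException fail(int major, String why) {
        return new GSSException(major, 0, why);
    }

    /** Runs one delegation between two established in-process contexts. */
    public static GSSCredential delegate(ExtendedGSSContext client, ExtendedGSSContext server,
                                         int lifetimeSeconds, int maxRounds) throws GSSException {
        // Delegation is layered on an already established security context.
        if (!client.isEstablished() || !server.isEstablished()) {
            throw fail(GSSException.NO_CONTEXT, "context not established");
        }
        byte[] input = new byte[0];
        // initDelegation is called before isDelegationFinished is read, so the
        // state left over from a previous delegation is reset first.
        for (int round = 1; ; round++) {
            if (round > maxRounds) {
                throw fail(GSSException.FAILURE, "delegation exceeded " + maxRounds + " rounds");
            }
            byte[] output = client.initDelegation(null, null, lifetimeSeconds, input, 0, input.length);
            if (output == null) {
                // A null token is only acceptable once the initiator is done.
                if (client.isDelegationFinished()) break;
                throw fail(GSSException.FAILURE, "initiator returned no token before finishing");
            }
            byte[] reply = server.acceptDelegation(lifetimeSeconds, output, 0, output.length);
            if (client.isDelegationFinished()) break;
            if (reply == null) {
                throw fail(GSSException.FAILURE, "acceptor returned no token before finishing");
            }
            input = reply;
        }
        GSSCredential cred = server.getDelegatedCredential();
        if (!server.isDelegationFinished() || cred == null) {
            throw fail(GSSException.NO_CRED, "no delegated credential on the accepting side");
        }
        // Example policy: the credential must not outlive the requested lifetime.
        // Skipped for 0, whose meaning this page does not state.
        if (lifetimeSeconds > 0 && cred.getRemainingLifetime() > lifetimeSeconds) {
            throw fail(GSSException.DEFECTIVE_CREDENTIAL, "delegated credential outlives request");
        }
        return cred;
    }
}
```

    When the two sides run in separate processes, each token returned here has to be carried to the peer over the application's own transport before the next call.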
    • Field Summary

      • Fields inherited from interface org.ietf.jgss.GSSContext

        DEFAULT_LIFETIME, INDEFINITE_LIFETIME
    • Method Summary

      Modifier and Type Method Description
      byte[] acceptDelegation​(int lifetime, byte[] but, int off, int len)
      Accept a delegated credential.
      org.ietf.jgss.GSSCredential getDelegatedCredential()
      Returns the delegated credential that was delegated using the initDelegation and acceptDelegation functions.
      java.lang.Object getOption​(org.ietf.jgss.Oid option)
      Gets a context option.
      byte[] initDelegation​(org.ietf.jgss.GSSCredential cred, org.ietf.jgss.Oid mechanism, int lifetime, byte[] buf, int off, int len)
      Initiate the delegation of a credential.
      java.lang.Object inquireByOid​(org.ietf.jgss.Oid oid)
      Retrieves arbitrary data about this context.
      boolean isDelegationFinished()
      Used during delegation to determine the state of the delegation.
      void setBannedCiphers​(java.lang.String[] ciphers)
      Specifies a list of ciphers that will not be used.
      void setOption​(org.ietf.jgss.Oid option, java.lang.Object value)
      Sets a context option.
      • Methods inherited from interface org.ietf.jgss.GSSContext

        acceptSecContext, acceptSecContext, dispose, export, getAnonymityState, getConfState, getCredDelegState, getDelegCred, getIntegState, getLifetime, getMech, getMIC, getMIC, getMutualAuthState, getReplayDetState, getSequenceDetState, getSrcName, getTargName, getWrapSizeLimit, initSecContext, initSecContext, isEstablished, isInitiator, isProtReady, isTransferable, requestAnonymity, requestConf, requestCredDeleg, requestInteg, requestLifetime, requestMutualAuth, requestReplayDet, requestSequenceDet, setChannelBinding, unwrap, unwrap, verifyMIC, verifyMIC, wrap, wrap
    • Method Detail

      • setOption

        void setOption​(org.ietf.jgss.Oid option,
                       java.lang.Object value)
                throws org.ietf.jgss.GSSException
        Sets a context option. It can be called by the context initiator or acceptor, but only before the first call to initSecContext, acceptSecContext, initDelegation or acceptDelegation.
        Parameters:
        option - option type.
        value - option value.
        Throws:
        org.ietf.jgss.GSSException - containing the following major error codes: GSSException.FAILURE
      • getOption

        java.lang.Object getOption​(org.ietf.jgss.Oid option)
                            throws org.ietf.jgss.GSSException
        Gets a context option. It can be called by context initiator or acceptor.
        Parameters:
        option - option type.
        Returns:
        The option value. May be null.
        Throws:
        org.ietf.jgss.GSSException - containing the following major error codes: GSSException.FAILURE
      • initDelegation

        byte[] initDelegation​(org.ietf.jgss.GSSCredential cred,
                              org.ietf.jgss.Oid mechanism,
                              int lifetime,
                              byte[] buf,
                              int off,
                              int len)
                       throws org.ietf.jgss.GSSException
        Initiate the delegation of a credential. This function drives the initiating side of the credential delegation process. It is expected to be called in tandem with the acceptDelegation function.
        Parameters:
        cred - The credential to be delegated. May be null in which case the credential associated with the security context is used.
        mechanism - The desired security mechanism. May be null.
        lifetime - The requested period of validity (seconds) of the delegated credential.
        Returns:
        A token that should be passed to acceptDelegation if isDelegationFinished returns false. May be null.
        Throws:
        org.ietf.jgss.GSSException - containing the following major error codes: GSSException.FAILURE
      • acceptDelegation

        byte[] acceptDelegation​(int lifetime,
                                byte[] but,
                                int off,
                                int len)
                         throws org.ietf.jgss.GSSException
        Accept a delegated credential. This function drives the accepting side of the credential delegation process. It is expected to be called in tandem with the initDelegation function.
        Parameters:
        lifetime - The requested period of validity (seconds) of the delegated credential.
        Returns:
        A token that should be passed to initDelegation if isDelegationFinished returns false. May be null.
        Throws:
        org.ietf.jgss.GSSException - containing the following major error codes: GSSException.FAILURE
      • getDelegatedCredential

        org.ietf.jgss.GSSCredential getDelegatedCredential()
        Returns the delegated credential that was delegated using the initDelegation and acceptDelegation functions. This is to be called on the delegation accepting side once isDelegationFinished returns true.
        Returns:
        The delegated credential. Might be null if credential delegation is not finished.
      • isDelegationFinished

        boolean isDelegationFinished()
        Used during delegation to determine the state of the delegation.
        Returns:
        true if delegation was completed, false otherwise.
      • inquireByOid

        java.lang.Object inquireByOid​(org.ietf.jgss.Oid oid)
                               throws org.ietf.jgss.GSSException
        Retrieves arbitrary data about this context.
        Parameters:
        oid - the oid of the information desired.
        Returns:
        the information desired. Might be null.
        Throws:
        org.ietf.jgss.GSSException - containing the following major error codes: GSSException.FAILURE
      • setBannedCiphers

        void setBannedCiphers​(java.lang.String[] ciphers)
        Specifies a list of ciphers that will not be used.
        Parameters:
        ciphers - The list of banned ciphers.