public class

GSSCredentialImpl

extends Object
implements GSSCredential
java.lang.Object
   ↳ sun.security.jgss.GSSCredentialImpl

Summary

[Expand]
Inherited Constants
From interface org.ietf.jgss.GSSCredential
Public Constructors
GSSCredentialImpl(GSSManagerImpl gssManager, GSSCredentialSpi mechElement)
Public Methods
void add(GSSName name, int initLifetime, int acceptLifetime, Oid mech, int usage)
Adds a mechanism specific credential-element to an existing credential.
void dispose()
Releases any sensitive information that the GSSCredential object may be containing.
boolean equals(Object another)
Indicates whether some other object is "equal to" this one.
GSSCredentialSpi getElement(Oid mechOid, boolean initiate)
Returns the specified mechanism's credential-element.
Oid[] getMechs()
Returns a list of mechanisms supported by this credential.
GSSName getName()
Retrieves the name of the entity that the credential asserts.
GSSName getName(Oid mech)
Retrieves a Mechanism Name of the entity that the credential asserts.
int getRemainingAcceptLifetime(Oid mech)
Returns the lifetime in seconds for the credential to remain capable of accepting security contexts using the specified mechanism.
int getRemainingInitLifetime(Oid mech)
Returns the lifetime in seconds for the credential to remain capable of initiating security contexts using the specified mechanism.
int getRemainingLifetime()
Returns the remaining lifetime of this credential.
int getUsage(Oid mech)
Returns the credential usage mode for a specific mechanism.
int getUsage()
Returns the usage mode for this credential.
int hashCode()
Returns a hashcode value for this GSSCredential.
String toString()
Returns a string representation of the object.
[Expand]
Inherited Methods
From class java.lang.Object
From interface org.ietf.jgss.GSSCredential

Public Constructors

public GSSCredentialImpl (GSSManagerImpl gssManager, GSSCredentialSpi mechElement)

Throws
GSSException

Public Methods

public void add (GSSName name, int initLifetime, int acceptLifetime, Oid mech, int usage)

Adds a mechanism specific credential-element to an existing credential. This method allows the construction of credentials, one mechanism at a time.

This routine is envisioned to be used mainly by context acceptors during the creation of acceptor credentials which are to be used with a variety of clients using different security mechanisms.

This routine adds the new credential element "in-place". To add the element in a new credential, first call clone to obtain a copy of this credential, then call its add method.

As always, GSS-API implementations must impose a local access-control policy on callers to prevent unauthorized callers from acquiring credentials to which they are not entitled. Non-default values for initLifetime and acceptLifetime cannot always be honored by the underlying mechanisms, thus callers should be prepared to call getRemainingInitLifetime and getRemainingAcceptLifetime on the credential.

Parameters
name the name of the principal for whom this credential is to be acquired. Use null to specify the default principal.
initLifetime the number of seconds that the credential element should remain valid for initiating of security contexts. Use GSSCredential.INDEFINITE_LIFETIME to request that the credentials have the maximum permitted lifetime for this. Use GSSCredential.DEFAULT_LIFETIME to request default credential lifetime for this.
acceptLifetime the number of seconds that the credential element should remain valid for accepting security contexts. Use GSSCredential.INDEFINITE_LIFETIME to request that the credentials have the maximum permitted lifetime for this. Use GSSCredential.DEFAULT_LIFETIME to request default credential lifetime for this.
mech the mechanism over which the credential is to be acquired.
usage the usage mode that this credential element should add to the credential. The value of this parameter must be one of: INITIATE_AND_ACCEPT, ACCEPT_ONLY, and INITIATE_ONLY.
Throws
GSSException

public void dispose ()

Releases any sensitive information that the GSSCredential object may be containing. Applications should call this method as soon as the credential is no longer needed to minimize the time any sensitive information is maintained.

Throws
GSSException

public boolean equals (Object another)

Indicates whether some other object is "equal to" this one.

The equals method implements an equivalence relation on non-null object references:

  • It is reflexive: for any non-null reference value x, x.equals(x) should return true.
  • It is symmetric: for any non-null reference values x and y, x.equals(y) should return true if and only if y.equals(x) returns true.
  • It is transitive: for any non-null reference values x, y, and z, if x.equals(y) returns true and y.equals(z) returns true, then x.equals(z) should return true.
  • It is consistent: for any non-null reference values x and y, multiple invocations of x.equals(y) consistently return true or consistently return false, provided no information used in equals comparisons on the objects is modified.
  • For any non-null reference value x, x.equals(null) should return false.

The equals method for class Object implements the most discriminating possible equivalence relation on objects; that is, for any non-null reference values x and y, this method returns true if and only if x and y refer to the same object (x == y has the value true).

Note that it is generally necessary to override the hashCode method whenever this method is overridden, so as to maintain the general contract for the hashCode method, which states that equal objects must have equal hash codes.

Parameters
another the reference object with which to compare.
Returns
  • true if this object is the same as the obj argument; false otherwise.

public GSSCredentialSpi getElement (Oid mechOid, boolean initiate)

Returns the specified mechanism's credential-element.

Parameters
mechOid - the oid for mechanism to retrieve
Returns
  • mechanism credential object
Throws
GSSException of invalid mechanism

public Oid[] getMechs ()

Returns a list of mechanisms supported by this credential. It does not tell us which ones can be used to initiate contexts and which ones can be used to accept contexts. The application must call the getUsage method with each of the returned Oid's to determine the possible modes of usage.

Returns
  • an array of Oid's corresponding to the supported mechanisms.
Throws
GSSException

public GSSName getName ()

Retrieves the name of the entity that the credential asserts.

Returns
  • a GSSName representing the entity
Throws
GSSException

public GSSName getName (Oid mech)

Retrieves a Mechanism Name of the entity that the credential asserts. This is equivalent to calling canonicalize on the value returned by the other form of getName.

Parameters
mech the Oid of the mechanism for which the Mechanism Name should be returned.
Returns
  • a GSSName representing the entity canonicalized for the desired mechanism
Throws
GSSException

public int getRemainingAcceptLifetime (Oid mech)

Returns the lifetime in seconds for the credential to remain capable of accepting security contexts using the specified mechanism. This method queries the acceptor credential element that belongs to the specified mechanism.

Parameters
mech the Oid of the mechanism whose acceptor credential element should be queried.
Returns
  • the number of seconds remaining in the life of this credential element. A return value of INDEFINITE_LIFETIME indicates that the credential element does not expire. A return value of 0 indicates that the credential element is already expired.
Throws
GSSException

public int getRemainingInitLifetime (Oid mech)

Returns the lifetime in seconds for the credential to remain capable of initiating security contexts using the specified mechanism. This method queries the initiator credential element that belongs to the specified mechanism.

Parameters
mech the Oid of the mechanism whose intiator credential element should be queried.
Returns
  • the number of seconds remaining in the life of this credential element. A return value of INDEFINITE_LIFETIME indicates that the credential element does not expire. A return value of 0 indicates that the credential element is already expired.
Throws
GSSException

public int getRemainingLifetime ()

Returns the remaining lifetime of this credential. The remaining lifetime is defined as the minimum lifetime, either for initiate or for accept, across all elements contained in it. Not terribly useful, but required by GSS-API.

Returns
  • the minimum remaining lifetime in seconds for this credential. A return value of INDEFINITE_LIFETIME indicates that the credential does not expire. A return value of 0 indicates that the credential is already expired.
Throws
GSSException

public int getUsage (Oid mech)

Returns the credential usage mode for a specific mechanism. In other words, it tells us if this credential can be used for initiating or accepting security contexts with a given underlying mechanism.

Parameters
mech the Oid of the mechanism whose credentials usage mode is to be determined.
Returns
Throws
GSSException

public int getUsage ()

Returns the usage mode for this credential. Returns INITIATE_AND_ACCEPT if any one element contained in it supports INITIATE_AND_ACCEPT or if two different elements exist where one support INITIATE_ONLY and the other supports ACCEPT_ONLY.

Returns
Throws
GSSException

public int hashCode ()

Returns a hashcode value for this GSSCredential.

Returns
  • a hashCode value

public String toString ()

Returns a string representation of the object. In general, the toString method returns a string that "textually represents" this object. The result should be a concise but informative representation that is easy for a person to read. It is recommended that all subclasses override this method.

The toString method for class Object returns a string consisting of the name of the class of which the object is an instance, the at-sign character `@', and the unsigned hexadecimal representation of the hash code of the object. In other words, this method returns a string equal to the value of:

 getClass().getName() + '@' + Integer.toHexString(hashCode())
 

Returns
  • a string representation of the object.