public class SpNegoContext
extends Object
implements GSSContextSpi

java.lang.Object
   ↳ sun.security.jgss.spnego.SpNegoContext

Class Overview

Implements the mechanism specific context class for SPNEGO GSS-API mechanism

Summary

Public Constructors
SpNegoContext(SpNegoMechFactory factory, GSSNameSpi peerName, GSSCredentialSpi myCred, int lifetime)
Constructor for SpNegoContext to be called on the context initiator's side.
SpNegoContext(SpNegoMechFactory factory, GSSCredentialSpi myCred)
Constructor for SpNegoContext to be called on the context acceptor's side.
SpNegoContext(SpNegoMechFactory factory, byte[] interProcessToken)
Constructor for SpNegoContext to import a previously exported context.
Public Methods
final byte[] acceptSecContext(InputStream is, int mechTokenSize)
Acceptor's context establishment call.
final void dispose()
Releases context resources and terminates the context between the two peers.
final byte[] export()
Produces a token representing this context.
final boolean getAnonymityState()
final boolean getConfState()
Is confidentiality available?
final boolean getCredDelegState()
Is credential delegation enabled?
final GSSCredentialSpi getDelegCred()
Returns the delegated credential for the context.
final boolean getIntegState()
Is integrity available?
final int getLifetime()
The lifetime remaining for this context.
final byte[] getMIC(byte[] inMsg, int offset, int len, MessageProp msgProp)
final void getMIC(InputStream is, OutputStream os, MessageProp msgProp)
Applies per-message integrity services.
final Oid getMech()
Returns the mechanism oid.
final boolean getMutualAuthState()
Is mutual authentication enabled? Since this is from the client's perspective, it essentially means that the server is being authenticated.
final Oid getNegotiatedMech()
final Provider getProvider()
final boolean getReplayDetState()
Is replay detection enabled on the GSS wrap and MIC tokens? We enable replay detection if sequence checking is enabled.
final boolean getSequenceDetState()
Is sequence checking enabled on the GSS Wrap and MIC tokens? We enable sequence checking if replay detection is enabled.
final GSSNameSpi getSrcName()
final GSSNameSpi getTargName()
final int getWrapSizeLimit(int qop, boolean confReq, int maxTokSize)
Queries the context for the largest data size that accommodates the specified protection while keeping the token smaller than maxTokSize.
final byte[] initSecContext(InputStream is, int mechTokenSize)
Initiator context establishment call.
final boolean isEstablished()
final boolean isInitiator()
Tests if this is the initiator side of the context.
final boolean isMechContextEstablished()
final boolean isProtReady()
Tests if the context can be used for per-message service.
final boolean isTransferable()
final void requestAnonymity(boolean value)
final void requestConf(boolean value)
Requests that confidentiality be available.
final void requestCredDeleg(boolean value)
Requests that credential delegation be done during context establishment.
final void requestInteg(boolean value)
Requests that integrity be available.
void requestLifetime(int lifetime)
Requests the desired lifetime.
final void requestMutualAuth(boolean value)
Requests that mutual authentication be done during context establishment.
final void requestReplayDet(boolean value)
Requests that replay detection be done on the GSS wrap and MIC tokens.
final void requestSequenceDet(boolean value)
Requests that sequence checking be done on the GSS wrap and MIC tokens.
final void setChannelBinding(ChannelBinding channelBinding)
Sets the channel bindings to be used during context establishment.
final byte[] unwrap(byte[] inBuf, int offset, int len, MessageProp msgProp)
For apps that want simplicity and don't care about buffer copies.
final void unwrap(InputStream is, OutputStream os, MessageProp msgProp)
Retrieves the message token previously encapsulated in the wrap call.
final void verifyMIC(InputStream is, InputStream msgStr, MessageProp msgProp)
Checks the integrity of the supplied tokens.
final void verifyMIC(byte[] inTok, int tokOffset, int tokLen, byte[] inMsg, int msgOffset, int msgLen, MessageProp msgProp)
final byte[] wrap(byte[] inBuf, int offset, int len, MessageProp msgProp)
For apps that want simplicity and don't care about buffer copies.
final void wrap(InputStream is, OutputStream os, MessageProp msgProp)
Provides per-message token encapsulation.
Inherited Methods
From class java.lang.Object
From interface sun.security.jgss.spi.GSSContextSpi

Public Constructors

public SpNegoContext (SpNegoMechFactory factory, GSSNameSpi peerName, GSSCredentialSpi myCred, int lifetime)

Constructor for SpNegoContext to be called on the context initiator's side.

Throws
GSSException

public SpNegoContext (SpNegoMechFactory factory, GSSCredentialSpi myCred)

Constructor for SpNegoContext to be called on the context acceptor's side.

Throws
GSSException

public SpNegoContext (SpNegoMechFactory factory, byte[] interProcessToken)

Constructor for SpNegoContext to import a previously exported context.

Throws
GSSException

Public Methods

public final byte[] acceptSecContext (InputStream is, int mechTokenSize)

Acceptor's context establishment call. This method may be required to be called several times. A CONTINUE_NEEDED return call indicates that more calls are needed after the next token is received from the peer.

Parameters
is - contains the token received from the peer.
mechTokenSize - the size of the inner context token as read by the GSS-Framework from the mechanism independent GSS-API level header.
Returns
  • any token required to be sent to the peer. It is the responsibility of the caller to send the token to its peer for processing.
Throws
GSSException

public final void dispose ()

Releases context resources and terminates the context between the two peers.

Throws
GSSException

public final byte[] export ()

Produces a token representing this context. After this call the context will no longer be usable until an import is performed on the returned token.

Returns
  • exported context token
Throws
GSSException

public final boolean getAnonymityState ()

public final boolean getConfState ()

Is confidentiality available?

public final boolean getCredDelegState ()

Is credential delegation enabled?

public final GSSCredentialSpi getDelegCred ()

Returns the delegated credential for the context. This is an optional feature of contexts which not all mechanisms will support. A context can be requested to support credential delegation by using the CRED_DELEG. This is only valid on the acceptor side of the context.

Returns
  • GSSCredentialSpi object for the delegated credential
Throws
GSSException
See Also
  • GSSContext#getCredDelegState

public final boolean getIntegState ()

Is integrity available?

public final int getLifetime ()

The lifetime remaining for this context.

public final byte[] getMIC (byte[] inMsg, int offset, int len, MessageProp msgProp)

Throws
GSSException

public final void getMIC (InputStream is, OutputStream os, MessageProp msgProp)

Applies per-message integrity services.

Parameters
is - the user-provided message
os - the token to be sent to the peer along with the message token. The message token is not encapsulated.
msgProp - on input the desired QOP and output the applied QOP
Throws
GSSException

public final Oid getMech ()

Returns the mechanism oid.

Returns
  • the Oid of this context

public final boolean getMutualAuthState ()

Is mutual authentication enabled? Since this is from the client's perspective, it essentially means that the server is being authenticated.

public final Oid getNegotiatedMech ()

public final Provider getProvider ()

public final boolean getReplayDetState ()

Is replay detection enabled on the GSS wrap and MIC tokens? We enable replay detection if sequence checking is enabled.

public final boolean getSequenceDetState ()

Is sequence checking enabled on the GSS Wrap and MIC tokens? We enable sequence checking if replay detection is enabled.

public final GSSNameSpi getSrcName ()

Throws
GSSException

public final GSSNameSpi getTargName ()

Throws
GSSException

public final int getWrapSizeLimit (int qop, boolean confReq, int maxTokSize)

Queries the context for the largest data size that accommodates the specified protection while keeping the token smaller than maxTokSize.

Parameters
qop - the quality of protection that the context will be asked to provide.
confReq - a flag indicating whether confidentiality will be requested or not
Returns
  • the maximum size for the input message that can be provided to the wrap() method in order to guarantee that these requirements are met.
Throws
GSSException

public final byte[] initSecContext (InputStream is, int mechTokenSize)

Initiator context establishment call. This method may be required to be called several times. A CONTINUE_NEEDED return call indicates that more calls are needed after the next token is received from the peer.

Parameters
is - contains the token received from the peer. On the first call it will be ignored.
mechTokenSize - the size of the inner context token as read by the GSS-Framework from the mechanism independent GSS-API level header.
Returns
  • any token required to be sent to the peer. It is the responsibility of the caller to send the token to its peer for processing.
Throws
GSSException
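
The initiator-side establishment loop described above, as an added example that is not part of the original reference or of the JDK sources. It uses the public org.ietf.jgss API rather than this internal class, and assumes the JVM already has Kerberos credentials available (JAAS login or ticket cache); the length-prefixed framing and the class and method names are hypothetical.

```java
import org.ietf.jgss.*;
import java.io.*;

public class SpnegoInitiatorExample {
    // Hypothetical framing for this example: 4-byte length, then the token.
    static void send(DataOutputStream out, byte[] tok) throws IOException {
        out.writeInt(tok.length);
        out.write(tok);
        out.flush();
    }

    static byte[] recv(DataInputStream in) throws IOException {
        int n = in.readInt();
        if (n <= 0 || n > 65536) throw new IOException("bad token length " + n);
        byte[] tok = new byte[n];
        in.readFully(tok);
        return tok;
    }

    // service is a host-based name such as "HTTP@host.example" (assumed value).
    static GSSContext establish(String service, DataInputStream in, DataOutputStream out)
            throws GSSException, IOException {
        GSSManager mgr = GSSManager.getInstance();
        GSSName peer = mgr.createName(service, GSSName.NT_HOSTBASED_SERVICE);
        Oid spnego = new Oid("1.3.6.1.5.5.2"); // SPNEGO mechanism OID
        GSSContext ctx = mgr.createContext(peer, spnego, null, GSSContext.DEFAULT_LIFETIME);
        // Requests must be made before the first initSecContext call.
        ctx.requestMutualAuth(true);
        ctx.requestInteg(true);
        ctx.requestConf(true);
        ctx.requestReplayDet(true);
        ctx.requestSequenceDet(true);
        ctx.requestCredDeleg(false); // do not hand our credential to the service
        byte[] inTok = new byte[0];  // ignored on the first call
        while (!ctx.isEstablished()) {
            byte[] outTok = ctx.initSecContext(inTok, 0, inTok.length);
            if (outTok != null && outTok.length > 0) send(out, outTok);
            if (!ctx.isEstablished()) inTok = recv(in); // more tokens needed
        }
        // A request is not a guarantee: check what was actually negotiated.
        if (!(ctx.getMutualAuthState() && ctx.getIntegState() && ctx.getConfState()
                && ctx.getReplayDetState() && ctx.getSequenceDetState())) {
            ctx.dispose();
            throw new SecurityException("peer did not grant required protections");
        }
        return ctx;
    }
}
```

The state getters are checked only after isEstablished() returns true, because the request methods express what the initiator wants, not what the negotiated mechanism ends up providing.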

public final boolean isEstablished ()

public final boolean isInitiator ()

Tests if this is the initiator side of the context.

Returns
  • boolean indicating if this is initiator (true) or target (false)

public final boolean isMechContextEstablished ()

public final boolean isProtReady ()

Tests if the context can be used for per-message service. Context may allow the calls to the per-message service functions before being fully established.

Returns
  • boolean indicating if per-message methods can be called.

public final boolean isTransferable ()

Throws
GSSException

public final void requestAnonymity (boolean value)

Throws
GSSException

public final void requestConf (boolean value)

Requests that confidentiality be available.

Throws
GSSException

public final void requestCredDeleg (boolean value)

Requests that credential delegation be done during context establishment.

Throws
GSSException

public final void requestInteg (boolean value)

Requests that integrity be available.

Throws
GSSException

public void requestLifetime (int lifetime)

Requests the desired lifetime. Can only be used on the context initiator's side.

Throws
GSSException

public final void requestMutualAuth (boolean value)

Requests that mutual authentication be done during context establishment. Since this is from the client's perspective, it essentially requests that the server be authenticated.

Throws
GSSException

public final void requestReplayDet (boolean value)

Requests that replay detection be done on the GSS wrap and MIC tokens.

Throws
GSSException

public final void requestSequenceDet (boolean value)

Requests that sequence checking be done on the GSS wrap and MIC tokens.

Throws
GSSException

public final void setChannelBinding (ChannelBinding channelBinding)

Sets the channel bindings to be used during context establishment.

Throws
GSSException

public final byte[] unwrap (byte[] inBuf, int offset, int len, MessageProp msgProp)

For apps that want simplicity and don't care about buffer copies.

Throws
GSSException

public final void unwrap (InputStream is, OutputStream os, MessageProp msgProp)

Retrieves the message token previously encapsulated in the wrap call.

Parameters
is - the token from the peer
os - unprotected message data
msgProp - will contain the applied qop and confidentiality of the input token and any informatory status values
Throws
GSSException

public final void verifyMIC (InputStream is, InputStream msgStr, MessageProp msgProp)

Checks the integrity of the supplied tokens. This token was previously generated by getMIC.

Parameters
is - token generated by getMIC
msgStr - the message to check integrity for
Throws
GSSException

public final void verifyMIC (byte[] inTok, int tokOffset, int tokLen, byte[] inMsg, int msgOffset, int msgLen, MessageProp msgProp)

Throws
GSSException

public final byte[] wrap (byte[] inBuf, int offset, int len, MessageProp msgProp)

For apps that want simplicity and don't care about buffer copies.

Throws
GSSException

public final void wrap (InputStream is, OutputStream os, MessageProp msgProp)

Provides per-message token encapsulation.

Parameters
is - the user-provided message to be protected
os - the token to be sent to the peer. It includes the message from is with the requested protection.
Throws
GSSException