Field Detail

• GSI_WRAP

  public static final int GSI_WRAP

  Used to distinguish between a token created by wrap with GSSConstants.GSI_BIG QoP and a regular token created by wrap.

  See Also:

  Constant Field Values

• state

  protected int state

  Handshake state

• delegationState

  protected int delegationState

  Delegation state

• delegatedCred

  protected ExtendedGSSCredential delegatedCred

  Credential delegated using delegation API

• delegationFinished

  protected boolean delegationFinished

  Delegation finished indicator

• credentialDelegation

  protected boolean credentialDelegation

• anonymity

  protected boolean anonymity

• encryption

  protected boolean encryption

• established

  protected boolean established

• sourceName

  protected GSSName sourceName

  The name of the context initiator

• targetName

  protected GSSName targetName

  The name of the context acceptor

• role

  protected int role

  Context role

• delegCred

  protected ExtendedGSSCredential delegCred

  Credential delegated during context establishment

• delegationType

  protected GSIConstants.DelegationType delegationType

• gssMode

  protected Integer gssMode

• checkContextExpiration

  protected Boolean checkContextExpiration

• rejectLimitedProxy

  protected Boolean rejectLimitedProxy

• requireClientAuth

  protected Boolean requireClientAuth

• acceptNoClientCerts

  protected Boolean acceptNoClientCerts

• requireAuthzWithDelegation

  protected Boolean requireAuthzWithDelegation

• forceSSLv3AndConstrainCipherSuitesForGram

  protected Boolean forceSSLv3AndConstrainCipherSuitesForGram

• ctxCred

  protected GlobusGSSCredentialImpl ctxCred

  Credential of this context. Might be anonymous

• expectedTargetName

  protected GSSName expectedTargetName

  Expected target name. Used for authorization in initiator

• goodUntil

  protected Date goodUntil

  Context expiration date.

• sslConfigurator

  protected SSLConfigurator sslConfigurator

• sslContext

  protected SSLContext sslContext

• sslEngine

  protected SSLEngine sslEngine

• conn

  protected boolean conn

• certFactory

  protected BouncyCastleCertProcessingFactory certFactory

• keyPair

  protected KeyPair keyPair

  Used during delegation

• tc

  protected TrustedCertificates tc

• proxyPolicyHandlers

  protected Map proxyPolicyHandlers

• peerLimited

  protected Boolean peerLimited

  Limited peer credentials

Constructor Detail

• GlobusGSSContextImpl

  public GlobusGSSContextImpl(GSSName target,
                      GlobusGSSCredentialImpl cred)
                       throws GSSException

  Parameters:

  target - expected target name. Can be null.

  cred - credential. Cannot be null. Might be anonymous.

  Throws:

  GSSException

Method Detail

• acceptSecContext

  public byte[] acceptSecContext(byte[] inBuff,
                        int off,
                        int len)
                          throws GSSException

  This function drives the accepting side of the context establishment process. It is expected to be called in tandem with the initSecContext function.
  The behavior of context establishment process can be modified by GSSConstants.GSS_MODE and GSSConstants.REJECT_LIMITED_PROXY context options. If the GSSConstants.GSS_MODE option is set to GSIConstants.MODE_SSL the context establishment process will be compatible with regular SSL (no credential delegation support). If the option is set to GSIConstants.MODE_GSI credential delegation during context establishment process will be accepted. If the GSSConstants.REJECT_LIMITED_PROXY option is enabled, a peer presenting limited proxy credential will be automatically rejected and the context establishment process will be aborted.

  Specified by:

  acceptSecContext in interface GSSContext

  Returns:

  a byte[] containing the token to be sent to the peer. null indicates that no token is generated (needs more data)

  Throws:

  GSSException

• initSecContext

  public byte[] initSecContext(byte[] inBuff,
                      int off,
                      int len)
                        throws GSSException

  This function drives the initiating side of the context establishment process. It is expected to be called in tandem with the acceptSecContext function.
  The behavior of context establishment process can be modified by GSSConstants.GSS_MODE, GSSConstants.DELEGATION_TYPE, and GSSConstants.REJECT_LIMITED_PROXY context options. If the GSSConstants.GSS_MODE option is set to GSIConstants.MODE_SSL the context establishment process will be compatible with regular SSL (no credential delegation support). If the option is set to GSIConstants.GSS_MODE_GSI credential delegation during context establishment process will performed. The delegation type to be performed can be set using the GSSConstants.DELEGATION_TYPE context option. If the GSSConstants.REJECT_LIMITED_PROXY option is enabled, a peer presenting limited proxy credential will be automatically rejected and the context establishment process will be aborted.

  Specified by:

  initSecContext in interface GSSContext

  Returns:

  a byte[] containing the token to be sent to the peer. null indicates that no token is generated (needs more data).

  Throws:

  GSSException

• wrap

  public byte[] wrap(byte[] inBuf,
            int off,
            int len,
            MessageProp prop)
              throws GSSException

  Wraps a message for integrity and protection. A regular SSL-wrapped token is returned.

  Specified by:

  wrap in interface GSSContext

  Throws:

  GSSException

• unwrap

  public byte[] unwrap(byte[] inBuf,
              int off,
              int len,
              MessageProp prop)
                throws GSSException

  Unwraps a token generated by wrap method on the other side of the context.

  Specified by:

  unwrap in interface GSSContext

  Throws:

  GSSException

• dispose

  public void dispose()
               throws GSSException

  Specified by:

  dispose in interface GSSContext

  Throws:

  GSSException

• isEstablished

  public boolean isEstablished()

  Specified by:

  isEstablished in interface GSSContext

• requestCredDeleg

  public void requestCredDeleg(boolean state)
                        throws GSSException

  Specified by:

  requestCredDeleg in interface GSSContext

  Throws:

  GSSException

• getCredDelegState

  public boolean getCredDelegState()

  Specified by:

  getCredDelegState in interface GSSContext

• isInitiator

  public boolean isInitiator()
                      throws GSSException

  Specified by:

  isInitiator in interface GSSContext

  Throws:

  GSSException

• isProtReady

  public boolean isProtReady()

  Specified by:

  isProtReady in interface GSSContext

• requestLifetime

  public void requestLifetime(int lifetime)
                       throws GSSException

  Specified by:

  requestLifetime in interface GSSContext

  Throws:

  GSSException

• getLifetime

  public int getLifetime()

  Specified by:

  getLifetime in interface GSSContext

• getMech

  public Oid getMech()
              throws GSSException

  Specified by:

  getMech in interface GSSContext

  Throws:

  GSSException

• getDelegCred

  public GSSCredential getDelegCred()
                             throws GSSException

  Specified by:

  getDelegCred in interface GSSContext

  Throws:

  GSSException

• requestConf

  public void requestConf(boolean state)
                   throws GSSException

  Specified by:

  requestConf in interface GSSContext

  Throws:

  GSSException

• getConfState

  public boolean getConfState()

  Specified by:

  getConfState in interface GSSContext

• getMIC

  public byte[] getMIC(byte[] inBuf,
              int off,
              int len,
              MessageProp prop)
                throws GSSException

  Returns a cryptographic MIC (message integrity check) of a specified message.

  Specified by:

  getMIC in interface GSSContext

  Throws:

  GSSException

• verifyMIC

  public void verifyMIC(byte[] inTok,
               int tokOff,
               int tokLen,
               byte[] inMsg,
               int msgOff,
               int msgLen,
               MessageProp prop)
                 throws GSSException

  Verifies a cryptographic MIC (message integrity check) of a specified message.

  Specified by:

  verifyMIC in interface GSSContext

  Throws:

  GSSException

• initSecContext

  public int initSecContext(InputStream in,
                   OutputStream out)
                     throws GSSException

  It works just like initSecContext method. It reads one SSL token from input stream, calls initSecContext method and writes the output token to the output stream (if any) SSL token is not read on the initial call.

  Specified by:

  initSecContext in interface GSSContext

  Throws:

  GSSException

• acceptSecContext

  public void acceptSecContext(InputStream in,
                      OutputStream out)
                        throws GSSException

  It works just like acceptSecContext method. It reads one SSL token from input stream, calls acceptSecContext method and writes the output token to the output stream (if any)

  Specified by:

  acceptSecContext in interface GSSContext

  Throws:

  GSSException

• getSrcName

  public GSSName getSrcName()
                     throws GSSException

  Specified by:

  getSrcName in interface GSSContext

  Throws:

  GSSException

• getTargName

  public GSSName getTargName()
                      throws GSSException

  Specified by:

  getTargName in interface GSSContext

  Throws:

  GSSException

• requestInteg

  public void requestInteg(boolean state)
                    throws GSSException

  Specified by:

  requestInteg in interface GSSContext

  Throws:

  GSSException

• getIntegState

  public boolean getIntegState()

  Specified by:

  getIntegState in interface GSSContext

• requestSequenceDet

  public void requestSequenceDet(boolean state)
                          throws GSSException

  Specified by:

  requestSequenceDet in interface GSSContext

  Throws:

  GSSException

• getSequenceDetState

  public boolean getSequenceDetState()

  Specified by:

  getSequenceDetState in interface GSSContext

• requestReplayDet

  public void requestReplayDet(boolean state)
                        throws GSSException

  Specified by:

  requestReplayDet in interface GSSContext

  Throws:

  GSSException

• getReplayDetState

  public boolean getReplayDetState()

  Specified by:

  getReplayDetState in interface GSSContext

• requestAnonymity

  public void requestAnonymity(boolean state)
                        throws GSSException

  Specified by:

  requestAnonymity in interface GSSContext

  Throws:

  GSSException

• getAnonymityState

  public boolean getAnonymityState()

  Specified by:

  getAnonymityState in interface GSSContext

• requestMutualAuth

  public void requestMutualAuth(boolean state)
                         throws GSSException

  Specified by:

  requestMutualAuth in interface GSSContext

  Throws:

  GSSException

• getMutualAuthState

  public boolean getMutualAuthState()

  Specified by:

  getMutualAuthState in interface GSSContext

• generateCertRequest

  protected byte[] generateCertRequest(X509Certificate cert)
                                throws GeneralSecurityException

  Throws:

  GeneralSecurityException

• verifyDelegatedCert

  protected void verifyDelegatedCert(X509Certificate certificate)
                              throws GeneralSecurityException

  Throws:

  GeneralSecurityException

• checkContext

  protected void checkContext()
                       throws GSSException

  Throws:

  GSSException

• setGssMode

  protected void setGssMode(Object value)
                     throws GSSException

  Throws:

  GSSException

• setDelegationType

  protected void setDelegationType(Object value)
                            throws GSSException

  Throws:

  GSSException

• setCheckContextExpired

  protected void setCheckContextExpired(Object value)
                                 throws GSSException

  Throws:

  GSSException

• setRejectLimitedProxy

  protected void setRejectLimitedProxy(Object value)
                                throws GSSException

  Throws:

  GSSException

• setRequireClientAuth

  protected void setRequireClientAuth(Object value)
                               throws GSSException

  Throws:

  GSSException

• setRequireAuthzWithDelegation

  protected void setRequireAuthzWithDelegation(Object value)
                                        throws GSSException

  Throws:

  GSSException

• setAcceptNoClientCerts

  protected void setAcceptNoClientCerts(Object value)
                                 throws GSSException

  Throws:

  GSSException

• setForceSslV3AndConstrainCipherSuitesForGram

  protected void setForceSslV3AndConstrainCipherSuitesForGram(Object value)
                                                       throws GSSException

  Throws:

  GSSException

• setProxyPolicyHandlers

  protected void setProxyPolicyHandlers(Object value)
                                 throws GSSException

  Throws:

  GSSException

• setTrustedCertificates

  protected void setTrustedCertificates(Object value)
                                 throws GSSException

  Throws:

  GSSException

• setOption

  public void setOption(Oid option,
               Object value)
                 throws GSSException

  Description copied from interface: ExtendedGSSContext
  Sets a context option. It can be called by context initiator or acceptor but prior to the first call to initSecContext, acceptSecContext, initDelegation or acceptDelegation.

  Specified by:

  setOption in interface ExtendedGSSContext

  Parameters:

  option - option type.

  value - option value.

  Throws:

  GSSException - containing the following major error codes: GSSException.FAILURE

• getOption

  public Object getOption(Oid option)
                   throws GSSException

  Description copied from interface: ExtendedGSSContext
  Gets a context option. It can be called by context initiator or acceptor.

  Specified by:

  getOption in interface ExtendedGSSContext

  Parameters:

  option - option type.

  Returns:

  value option value. Maybe be null.

  Throws:

  GSSException - containing the following major error codes: GSSException.FAILURE

• initDelegation

  public byte[] initDelegation(GSSCredential credential,
                      Oid mechanism,
                      int lifetime,
                      byte[] buf,
                      int off,
                      int len)
                        throws GSSException

  Initiate the delegation of a credential. This function drives the initiating side of the credential delegation process. It is expected to be called in tandem with the acceptDelegation function.
  The behavior of this function can be modified by GSSConstants.DELEGATION_TYPE and GSSConstants.GSS_MODE context options. The GSSConstants.DELEGATION_TYPE option controls delegation type to be performed. The GSSConstants.GSS_MODE option if set to GSIConstants.MODE_SSL results in tokens that are not wrapped.

  Specified by:

  initDelegation in interface ExtendedGSSContext

  Parameters:

  credential - The credential to be delegated. May be null in which case the credential associated with the security context is used.

  mechanism - The desired security mechanism. May be null.

  lifetime - The requested period of validity (seconds) of the delegated credential.

  Returns:

  A token that should be passed to acceptDelegation if isDelegationFinished returns false. May be null.

  Throws:

  GSSException - containing the following major error codes: GSSException.FAILURE

• acceptDelegation

  public byte[] acceptDelegation(int lifetime,
                        byte[] buf,
                        int off,
                        int len)
                          throws GSSException

  Accept a delegated credential. This function drives the accepting side of the credential delegation process. It is expected to be called in tandem with the initDelegation function.
  The behavior of this function can be modified by GSSConstants.GSS_MODE context option. The GSSConstants.GSS_MODE option if set to GSIConstants.MODE_SSL results in tokens that are not wrapped.

  Specified by:

  acceptDelegation in interface ExtendedGSSContext

  Parameters:

  lifetime - The requested period of validity (seconds) of the delegated credential.

  Returns:

  A token that should be passed to initDelegation if isDelegationFinished returns false. May be null.

  Throws:

  GSSException - containing the following major error codes: GSSException.FAILURE

• getDelegatedCredential

  public GSSCredential getDelegatedCredential()

  Description copied from interface: ExtendedGSSContext
  Returns the delegated credential that was delegated using the initDelegation and acceptDelegation functions. This is to be called on the delegation accepting side once once isDelegationFinished returns true.

  Specified by:

  getDelegatedCredential in interface ExtendedGSSContext

  Returns:

  The delegated credential. Might be null if credential delegation is not finished.

• isDelegationFinished

  public boolean isDelegationFinished()

  Description copied from interface: ExtendedGSSContext
  Used during delegation to determine the state of the delegation.

  Specified by:

  isDelegationFinished in interface ExtendedGSSContext

  Returns:

  true if delegation was completed, false otherwise.

• inquireByOid

  public Object inquireByOid(Oid oid)
                      throws GSSException

  Retrieves arbitrary data about this context. Currently supported oid:

  • GSSConstants.X509_CERT_CHAIN returns certificate chain of the peer (X509Certificate[]).

  Specified by:

  inquireByOid in interface ExtendedGSSContext

  Parameters:

  oid - the oid of the information desired.

  Returns:

  the information desired. Might be null.

  Throws:

  GSSException - containing the following major error codes: GSSException.FAILURE

• setBannedCiphers

  public void setBannedCiphers(String[] ciphers)

  Description copied from interface: ExtendedGSSContext
  Specifies a list of ciphers that will not be used.

  Specified by:

  setBannedCiphers in interface ExtendedGSSContext

  Parameters:

  ciphers - The list of banned ciphers.

• getWrapSizeLimit

  public int getWrapSizeLimit(int qop,
                     boolean confReq,
                     int maxTokenSize)
                       throws GSSException

  Currently not implemented.

  Specified by:

  getWrapSizeLimit in interface GSSContext

  Throws:

  GSSException

• wrap

  public void wrap(InputStream inStream,
          OutputStream outStream,
          MessageProp msgProp)
            throws GSSException

  Currently not implemented.

  Specified by:

  wrap in interface GSSContext

  Throws:

  GSSException

• unwrap

  public void unwrap(InputStream inStream,
            OutputStream outStream,
            MessageProp msgProp)
              throws GSSException

  Currently not implemented.

  Specified by:

  unwrap in interface GSSContext

  Throws:

  GSSException

• getMIC

  public void getMIC(InputStream inStream,
            OutputStream outStream,
            MessageProp msgProp)
              throws GSSException

  Currently not implemented.

  Specified by:

  getMIC in interface GSSContext

  Throws:

  GSSException

• verifyMIC

  public void verifyMIC(InputStream tokStream,
               InputStream msgStream,
               MessageProp msgProp)
                 throws GSSException

  Currently not implemented.

  Specified by:

  verifyMIC in interface GSSContext

  Throws:

  GSSException

• setChannelBinding

  public void setChannelBinding(ChannelBinding cb)
                         throws GSSException

  Currently not implemented.

  Specified by:

  setChannelBinding in interface GSSContext

  Throws:

  GSSException

• isTransferable

  public boolean isTransferable()
                         throws GSSException

  Currently not implemented.

  Specified by:

  isTransferable in interface GSSContext

  Throws:

  GSSException

• export

  public byte[] export()
                throws GSSException

  Currently not implemented.

  Specified by:

  export in interface GSSContext

  Throws:

  GSSException