org.globus.gsi.gssapi

Class GlobusGSSContextImpl

java.lang.Object

org.globus.gsi.gssapi.GlobusGSSContextImpl

All Implemented Interfaces:

ExtendedGSSContext, org.ietf.jgss.GSSContext

public class GlobusGSSContextImpl
extends java.lang.Object
implements ExtendedGSSContext

Implementation of SSL/GSI mechanism for Java GSS-API. The implementation is based on JSSE (for SSL API) and the BouncyCastle library (for certificate processing API).
The implementation is not designed to be thread-safe.

Field Summary

Fields

Modifier and Type	Field and Description
protected java.lang.Boolean	acceptNoClientCerts
protected boolean	anonymity
protected BouncyCastleCertProcessingFactory	certFactory
protected java.lang.Boolean	checkContextExpiration
protected boolean	conn
protected boolean	credentialDelegation
protected GlobusGSSCredentialImpl	ctxCred Credential of this context.
protected ExtendedGSSCredential	delegatedCred Credential delegated using delegation API
protected boolean	delegationFinished Delegation finished indicator
protected int	delegationState Delegation state
protected GSIConstants.DelegationType	delegationType
protected ExtendedGSSCredential	delegCred Credential delegated during context establishment
protected boolean	encryption
protected boolean	established
protected org.ietf.jgss.GSSName	expectedTargetName Expected target name.
protected java.lang.Boolean	forceSSLv3AndConstrainCipherSuitesForGram
protected java.util.Date	goodUntil Context expiration date.
static int	GSI_WRAP Used to distinguish between a token created by wrap with GSSConstants.GSI_BIG QoP and a regular token created by wrap.
protected java.lang.Integer	gssMode
protected java.security.KeyPair	keyPair Used during delegation
protected java.lang.Boolean	peerLimited Limited peer credentials
protected java.util.Map	proxyPolicyHandlers
protected java.lang.Boolean	rejectLimitedProxy
protected java.lang.Boolean	requireAuthzWithDelegation
protected java.lang.Boolean	requireClientAuth
protected int	role Context role
protected org.ietf.jgss.GSSName	sourceName The name of the context initiator
protected SSLConfigurator	sslConfigurator
protected javax.net.ssl.SSLContext	sslContext
protected javax.net.ssl.SSLEngine	sslEngine
protected int	state Handshake state
protected org.ietf.jgss.GSSName	targetName The name of the context acceptor

Fields inherited from interface org.ietf.jgss.GSSContext

DEFAULT_LIFETIME, INDEFINITE_LIFETIME

Constructor Summary

Constructors

Constructor and Description
GlobusGSSContextImpl(org.ietf.jgss.GSSName target, GlobusGSSCredentialImpl cred)

Method Summary

Methods

Modifier and Type	Method and Description
byte[]	acceptDelegation(int lifetime, byte[] buf, int off, int len) Accept a delegated credential.
byte[]	acceptSecContext(byte[] inBuff, int off, int len) This function drives the accepting side of the context establishment process.
void	acceptSecContext(java.io.InputStream in, java.io.OutputStream out) It works just like acceptSecContext method.
protected void	checkContext()
void	dispose()
byte[]	export() Currently not implemented.
protected byte[]	generateCertRequest(java.security.cert.X509Certificate cert)
boolean	getAnonymityState()
boolean	getConfState()
boolean	getCredDelegState()
org.ietf.jgss.GSSCredential	getDelegatedCredential() Returns the delegated credential that was delegated using the initDelegation and acceptDelegation functions.
org.ietf.jgss.GSSCredential	getDelegCred()
boolean	getIntegState()
int	getLifetime()
org.ietf.jgss.Oid	getMech()
byte[]	getMIC(byte[] inBuf, int off, int len, org.ietf.jgss.MessageProp prop) Returns a cryptographic MIC (message integrity check) of a specified message.
void	getMIC(java.io.InputStream inStream, java.io.OutputStream outStream, org.ietf.jgss.MessageProp msgProp) Currently not implemented.
boolean	getMutualAuthState()
java.lang.Object	getOption(org.ietf.jgss.Oid option) Gets a context option.
boolean	getReplayDetState()
boolean	getSequenceDetState()
org.ietf.jgss.GSSName	getSrcName()
org.ietf.jgss.GSSName	getTargName()
int	getWrapSizeLimit(int qop, boolean confReq, int maxTokenSize) Currently not implemented.
byte[]	initDelegation(org.ietf.jgss.GSSCredential credential, org.ietf.jgss.Oid mechanism, int lifetime, byte[] buf, int off, int len) Initiate the delegation of a credential.
byte[]	initSecContext(byte[] inBuff, int off, int len) This function drives the initiating side of the context establishment process.
int	initSecContext(java.io.InputStream in, java.io.OutputStream out) It works just like initSecContext method.
java.lang.Object	inquireByOid(org.ietf.jgss.Oid oid) Retrieves arbitrary data about this context.
boolean	isDelegationFinished() Used during delegation to determine the state of the delegation.
boolean	isEstablished()
boolean	isInitiator()
boolean	isProtReady()
boolean	isTransferable() Currently not implemented.
void	requestAnonymity(boolean state)
void	requestConf(boolean state)
void	requestCredDeleg(boolean state)
void	requestInteg(boolean state)
void	requestLifetime(int lifetime)
void	requestMutualAuth(boolean state)
void	requestReplayDet(boolean state)
void	requestSequenceDet(boolean state)
protected void	setAcceptNoClientCerts(java.lang.Object value)
void	setBannedCiphers(java.lang.String[] ciphers) Specifies a list of ciphers that will not be used.
void	setChannelBinding(org.ietf.jgss.ChannelBinding cb) Currently not implemented.
protected void	setCheckContextExpired(java.lang.Object value)
protected void	setDelegationType(java.lang.Object value)
protected void	setForceSslV3AndConstrainCipherSuitesForGram(java.lang.Object value)
protected void	setGssMode(java.lang.Object value)
void	setOption(org.ietf.jgss.Oid option, java.lang.Object value) Sets a context option.
protected void	setProxyPolicyHandlers(java.lang.Object value)
protected void	setRejectLimitedProxy(java.lang.Object value)
protected void	setRequireAuthzWithDelegation(java.lang.Object value)
protected void	setRequireClientAuth(java.lang.Object value)
byte[]	unwrap(byte[] inBuf, int off, int len, org.ietf.jgss.MessageProp prop) Unwraps a token generated by wrap method on the other side of the context.
void	unwrap(java.io.InputStream inStream, java.io.OutputStream outStream, org.ietf.jgss.MessageProp msgProp) Currently not implemented.
protected void	verifyDelegatedCert(java.security.cert.X509Certificate certificate)
void	verifyMIC(byte[] inTok, int tokOff, int tokLen, byte[] inMsg, int msgOff, int msgLen, org.ietf.jgss.MessageProp prop) Verifies a cryptographic MIC (message integrity check) of a specified message.
void	verifyMIC(java.io.InputStream tokStream, java.io.InputStream msgStream, org.ietf.jgss.MessageProp msgProp) Currently not implemented.
byte[]	wrap(byte[] inBuf, int off, int len, org.ietf.jgss.MessageProp prop) Wraps a message for integrity and protection.
void	wrap(java.io.InputStream inStream, java.io.OutputStream outStream, org.ietf.jgss.MessageProp msgProp) Currently not implemented.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

GSI_WRAP

public static final int GSI_WRAP

Used to distinguish between a token created by wrap with GSSConstants.GSI_BIG QoP and a regular token created by wrap.

See Also:

Constant Field Values

state

protected int state

Handshake state

delegationState

protected int delegationState

Delegation state

delegatedCred

protected ExtendedGSSCredential delegatedCred

Credential delegated using delegation API

delegationFinished

protected boolean delegationFinished

Delegation finished indicator

credentialDelegation

protected boolean credentialDelegation

anonymity

protected boolean anonymity

encryption

protected boolean encryption

established

protected boolean established

sourceName

protected org.ietf.jgss.GSSName sourceName

The name of the context initiator

targetName

protected org.ietf.jgss.GSSName targetName

The name of the context acceptor

role

protected int role

Context role

delegCred

protected ExtendedGSSCredential delegCred

Credential delegated during context establishment

delegationType

protected GSIConstants.DelegationType delegationType

gssMode

protected java.lang.Integer gssMode

checkContextExpiration

protected java.lang.Boolean checkContextExpiration

rejectLimitedProxy

protected java.lang.Boolean rejectLimitedProxy

requireClientAuth

protected java.lang.Boolean requireClientAuth

acceptNoClientCerts

protected java.lang.Boolean acceptNoClientCerts

requireAuthzWithDelegation

protected java.lang.Boolean requireAuthzWithDelegation

forceSSLv3AndConstrainCipherSuitesForGram

protected java.lang.Boolean forceSSLv3AndConstrainCipherSuitesForGram

ctxCred

protected GlobusGSSCredentialImpl ctxCred

Credential of this context. Might be anonymous

expectedTargetName

protected org.ietf.jgss.GSSName expectedTargetName

Expected target name. Used for authorization in initiator

goodUntil

protected java.util.Date goodUntil

Context expiration date.

sslConfigurator

protected SSLConfigurator sslConfigurator

sslContext

protected javax.net.ssl.SSLContext sslContext

sslEngine

protected javax.net.ssl.SSLEngine sslEngine

conn

protected boolean conn

certFactory

protected BouncyCastleCertProcessingFactory certFactory

keyPair

protected java.security.KeyPair keyPair

Used during delegation

proxyPolicyHandlers

protected java.util.Map proxyPolicyHandlers

peerLimited

protected java.lang.Boolean peerLimited

Limited peer credentials

Constructor Detail

GlobusGSSContextImpl

public GlobusGSSContextImpl(org.ietf.jgss.GSSName target,
                    GlobusGSSCredentialImpl cred)
                     throws org.ietf.jgss.GSSException

Parameters:

target - expected target name. Can be null.

cred - credential. Cannot be null. Might be anonymous.

Throws:

org.ietf.jgss.GSSException

Method Detail

acceptSecContext

public byte[] acceptSecContext(byte[] inBuff,
                      int off,
                      int len)
                        throws org.ietf.jgss.GSSException

This function drives the accepting side of the context establishment process. It is expected to be called in tandem with the initSecContext function.
The behavior of context establishment process can be modified by GSSConstants.GSS_MODE and GSSConstants.REJECT_LIMITED_PROXY context options. If the GSSConstants.GSS_MODE option is set to GSIConstants.MODE_SSL the context establishment process will be compatible with regular SSL (no credential delegation support). If the option is set to GSIConstants.MODE_GSI credential delegation during context establishment process will be accepted. If the GSSConstants.REJECT_LIMITED_PROXY option is enabled, a peer presenting limited proxy credential will be automatically rejected and the context establishment process will be aborted.

Specified by:

acceptSecContext in interface org.ietf.jgss.GSSContext

Returns:

a byte[] containing the token to be sent to the peer. null indicates that no token is generated (needs more data)

Throws:

org.ietf.jgss.GSSException

initSecContext

public byte[] initSecContext(byte[] inBuff,
                    int off,
                    int len)
                      throws org.ietf.jgss.GSSException

This function drives the initiating side of the context establishment process. It is expected to be called in tandem with the acceptSecContext function.
The behavior of context establishment process can be modified by GSSConstants.GSS_MODE, GSSConstants.DELEGATION_TYPE, and GSSConstants.REJECT_LIMITED_PROXY context options. If the GSSConstants.GSS_MODE option is set to GSIConstants.MODE_SSL the context establishment process will be compatible with regular SSL (no credential delegation support). If the option is set to GSIConstants.GSS_MODE_GSI credential delegation during context establishment process will performed. The delegation type to be performed can be set using the GSSConstants.DELEGATION_TYPE context option. If the GSSConstants.REJECT_LIMITED_PROXY option is enabled, a peer presenting limited proxy credential will be automatically rejected and the context establishment process will be aborted.

Specified by:

initSecContext in interface org.ietf.jgss.GSSContext

Returns:

a byte[] containing the token to be sent to the peer. null indicates that no token is generated (needs more data).

Throws:

org.ietf.jgss.GSSException

wrap

public byte[] wrap(byte[] inBuf,
          int off,
          int len,
          org.ietf.jgss.MessageProp prop)
            throws org.ietf.jgss.GSSException

Wraps a message for integrity and protection. A regular SSL-wrapped token is returned.

Specified by:

wrap in interface org.ietf.jgss.GSSContext

Throws:

org.ietf.jgss.GSSException

unwrap

public byte[] unwrap(byte[] inBuf,
            int off,
            int len,
            org.ietf.jgss.MessageProp prop)
              throws org.ietf.jgss.GSSException

Unwraps a token generated by wrap method on the other side of the context.

Specified by:

unwrap in interface org.ietf.jgss.GSSContext

Throws:

org.ietf.jgss.GSSException

dispose

public void dispose()
             throws org.ietf.jgss.GSSException

Specified by:

dispose in interface org.ietf.jgss.GSSContext

Throws:

org.ietf.jgss.GSSException

isEstablished

public boolean isEstablished()

Specified by:

isEstablished in interface org.ietf.jgss.GSSContext

requestCredDeleg

public void requestCredDeleg(boolean state)
                      throws org.ietf.jgss.GSSException

Specified by:

requestCredDeleg in interface org.ietf.jgss.GSSContext

Throws:

org.ietf.jgss.GSSException

getCredDelegState

public boolean getCredDelegState()

Specified by:

getCredDelegState in interface org.ietf.jgss.GSSContext

isInitiator

public boolean isInitiator()
                    throws org.ietf.jgss.GSSException

Specified by:

isInitiator in interface org.ietf.jgss.GSSContext

Throws:

org.ietf.jgss.GSSException

isProtReady

public boolean isProtReady()

Specified by:

isProtReady in interface org.ietf.jgss.GSSContext

requestLifetime

public void requestLifetime(int lifetime)
                     throws org.ietf.jgss.GSSException

Specified by:

requestLifetime in interface org.ietf.jgss.GSSContext

Throws:

org.ietf.jgss.GSSException

getLifetime

public int getLifetime()

Specified by:

getLifetime in interface org.ietf.jgss.GSSContext

getMech

public org.ietf.jgss.Oid getMech()
                          throws org.ietf.jgss.GSSException

Specified by:

getMech in interface org.ietf.jgss.GSSContext

Throws:

org.ietf.jgss.GSSException

getDelegCred

public org.ietf.jgss.GSSCredential getDelegCred()
                                         throws org.ietf.jgss.GSSException

Specified by:

getDelegCred in interface org.ietf.jgss.GSSContext

Throws:

org.ietf.jgss.GSSException

requestConf

public void requestConf(boolean state)
                 throws org.ietf.jgss.GSSException

Specified by:

requestConf in interface org.ietf.jgss.GSSContext

Throws:

org.ietf.jgss.GSSException

getConfState

public boolean getConfState()

Specified by:

getConfState in interface org.ietf.jgss.GSSContext

getMIC

public byte[] getMIC(byte[] inBuf,
            int off,
            int len,
            org.ietf.jgss.MessageProp prop)
              throws org.ietf.jgss.GSSException

Returns a cryptographic MIC (message integrity check) of a specified message.

Specified by:

getMIC in interface org.ietf.jgss.GSSContext

Throws:

org.ietf.jgss.GSSException

verifyMIC

public void verifyMIC(byte[] inTok,
             int tokOff,
             int tokLen,
             byte[] inMsg,
             int msgOff,
             int msgLen,
             org.ietf.jgss.MessageProp prop)
               throws org.ietf.jgss.GSSException

Verifies a cryptographic MIC (message integrity check) of a specified message.

Specified by:

verifyMIC in interface org.ietf.jgss.GSSContext

Throws:

org.ietf.jgss.GSSException

initSecContext

public int initSecContext(java.io.InputStream in,
                 java.io.OutputStream out)
                   throws org.ietf.jgss.GSSException

It works just like initSecContext method. It reads one SSL token from input stream, calls initSecContext method and writes the output token to the output stream (if any) SSL token is not read on the initial call.

Specified by:

initSecContext in interface org.ietf.jgss.GSSContext

Throws:

org.ietf.jgss.GSSException

acceptSecContext

public void acceptSecContext(java.io.InputStream in,
                    java.io.OutputStream out)
                      throws org.ietf.jgss.GSSException

It works just like acceptSecContext method. It reads one SSL token from input stream, calls acceptSecContext method and writes the output token to the output stream (if any)

Specified by:

acceptSecContext in interface org.ietf.jgss.GSSContext

Throws:

org.ietf.jgss.GSSException

getSrcName

public org.ietf.jgss.GSSName getSrcName()
                                 throws org.ietf.jgss.GSSException

Specified by:

getSrcName in interface org.ietf.jgss.GSSContext

Throws:

org.ietf.jgss.GSSException

getTargName

public org.ietf.jgss.GSSName getTargName()
                                  throws org.ietf.jgss.GSSException

Specified by:

getTargName in interface org.ietf.jgss.GSSContext

Throws:

org.ietf.jgss.GSSException

requestInteg

public void requestInteg(boolean state)
                  throws org.ietf.jgss.GSSException

Specified by:

requestInteg in interface org.ietf.jgss.GSSContext

Throws:

org.ietf.jgss.GSSException

getIntegState

public boolean getIntegState()

Specified by:

getIntegState in interface org.ietf.jgss.GSSContext

requestSequenceDet

public void requestSequenceDet(boolean state)
                        throws org.ietf.jgss.GSSException

Specified by:

requestSequenceDet in interface org.ietf.jgss.GSSContext

Throws:

org.ietf.jgss.GSSException

getSequenceDetState

public boolean getSequenceDetState()

Specified by:

getSequenceDetState in interface org.ietf.jgss.GSSContext

requestReplayDet

public void requestReplayDet(boolean state)
                      throws org.ietf.jgss.GSSException

Specified by:

requestReplayDet in interface org.ietf.jgss.GSSContext

Throws:

org.ietf.jgss.GSSException

getReplayDetState

public boolean getReplayDetState()

Specified by:

getReplayDetState in interface org.ietf.jgss.GSSContext

requestAnonymity

public void requestAnonymity(boolean state)
                      throws org.ietf.jgss.GSSException

Specified by:

requestAnonymity in interface org.ietf.jgss.GSSContext

Throws:

org.ietf.jgss.GSSException

getAnonymityState

public boolean getAnonymityState()

Specified by:

getAnonymityState in interface org.ietf.jgss.GSSContext

requestMutualAuth

public void requestMutualAuth(boolean state)
                       throws org.ietf.jgss.GSSException

Specified by:

requestMutualAuth in interface org.ietf.jgss.GSSContext

Throws:

org.ietf.jgss.GSSException

getMutualAuthState

public boolean getMutualAuthState()

Specified by:

getMutualAuthState in interface org.ietf.jgss.GSSContext

generateCertRequest

protected byte[] generateCertRequest(java.security.cert.X509Certificate cert)
                              throws java.security.GeneralSecurityException

Throws:

java.security.GeneralSecurityException

verifyDelegatedCert

protected void verifyDelegatedCert(java.security.cert.X509Certificate certificate)
                            throws java.security.GeneralSecurityException

Throws:

java.security.GeneralSecurityException

checkContext

protected void checkContext()
                     throws org.ietf.jgss.GSSException

Throws:

org.ietf.jgss.GSSException

setGssMode

protected void setGssMode(java.lang.Object value)
                   throws org.ietf.jgss.GSSException

Throws:

org.ietf.jgss.GSSException

setDelegationType

protected void setDelegationType(java.lang.Object value)
                          throws org.ietf.jgss.GSSException

Throws:

org.ietf.jgss.GSSException

setCheckContextExpired

protected void setCheckContextExpired(java.lang.Object value)
                               throws org.ietf.jgss.GSSException

Throws:

org.ietf.jgss.GSSException

setRejectLimitedProxy

protected void setRejectLimitedProxy(java.lang.Object value)
                              throws org.ietf.jgss.GSSException

Throws:

org.ietf.jgss.GSSException

setRequireClientAuth

protected void setRequireClientAuth(java.lang.Object value)
                             throws org.ietf.jgss.GSSException

Throws:

org.ietf.jgss.GSSException

setRequireAuthzWithDelegation

protected void setRequireAuthzWithDelegation(java.lang.Object value)
                                      throws org.ietf.jgss.GSSException

Throws:

org.ietf.jgss.GSSException

setAcceptNoClientCerts

protected void setAcceptNoClientCerts(java.lang.Object value)
                               throws org.ietf.jgss.GSSException

Throws:

org.ietf.jgss.GSSException

setForceSslV3AndConstrainCipherSuitesForGram

protected void setForceSslV3AndConstrainCipherSuitesForGram(java.lang.Object value)
                                                     throws org.ietf.jgss.GSSException

Throws:

org.ietf.jgss.GSSException

setProxyPolicyHandlers

protected void setProxyPolicyHandlers(java.lang.Object value)
                               throws org.ietf.jgss.GSSException

Throws:

org.ietf.jgss.GSSException

setOption

public void setOption(org.ietf.jgss.Oid option,
             java.lang.Object value)
               throws org.ietf.jgss.GSSException

Description copied from interface: ExtendedGSSContext

Sets a context option. It can be called by context initiator or acceptor but prior to the first call to initSecContext, acceptSecContext, initDelegation or acceptDelegation.

Specified by:

setOption in interface ExtendedGSSContext

Parameters:

option - option type.

value - option value.

Throws:

org.ietf.jgss.GSSException - containing the following major error codes: GSSException.FAILURE

getOption

public java.lang.Object getOption(org.ietf.jgss.Oid option)
                           throws org.ietf.jgss.GSSException

Description copied from interface: ExtendedGSSContext

Gets a context option. It can be called by context initiator or acceptor.

Specified by:

getOption in interface ExtendedGSSContext

Parameters:

option - option type.

Returns:

value option value. Maybe be null.

Throws:

org.ietf.jgss.GSSException - containing the following major error codes: GSSException.FAILURE

initDelegation

public byte[] initDelegation(org.ietf.jgss.GSSCredential credential,
                    org.ietf.jgss.Oid mechanism,
                    int lifetime,
                    byte[] buf,
                    int off,
                    int len)
                      throws org.ietf.jgss.GSSException

Initiate the delegation of a credential. This function drives the initiating side of the credential delegation process. It is expected to be called in tandem with the acceptDelegation function.
The behavior of this function can be modified by GSSConstants.DELEGATION_TYPE and GSSConstants.GSS_MODE context options. The GSSConstants.DELEGATION_TYPE option controls delegation type to be performed. The GSSConstants.GSS_MODE option if set to GSIConstants.MODE_SSL results in tokens that are not wrapped.

Specified by:

initDelegation in interface ExtendedGSSContext

Parameters:

credential - The credential to be delegated. May be null in which case the credential associated with the security context is used.

mechanism - The desired security mechanism. May be null.

lifetime - The requested period of validity (seconds) of the delegated credential.

Returns:

A token that should be passed to acceptDelegation if isDelegationFinished returns false. May be null.

Throws:

org.ietf.jgss.GSSException - containing the following major error codes: GSSException.FAILURE

acceptDelegation

public byte[] acceptDelegation(int lifetime,
                      byte[] buf,
                      int off,
                      int len)
                        throws org.ietf.jgss.GSSException

Accept a delegated credential. This function drives the accepting side of the credential delegation process. It is expected to be called in tandem with the initDelegation function.
The behavior of this function can be modified by GSSConstants.GSS_MODE context option. The GSSConstants.GSS_MODE option if set to GSIConstants.MODE_SSL results in tokens that are not wrapped.

Specified by:

acceptDelegation in interface ExtendedGSSContext

Parameters:

lifetime - The requested period of validity (seconds) of the delegated credential.

Returns:

A token that should be passed to initDelegation if isDelegationFinished returns false. May be null.

Throws:

org.ietf.jgss.GSSException - containing the following major error codes: GSSException.FAILURE

getDelegatedCredential

public org.ietf.jgss.GSSCredential getDelegatedCredential()

Description copied from interface: ExtendedGSSContext

Returns the delegated credential that was delegated using the initDelegation and acceptDelegation functions. This is to be called on the delegation accepting side once once isDelegationFinished returns true.

Specified by:

getDelegatedCredential in interface ExtendedGSSContext

Returns:

The delegated credential. Might be null if credential delegation is not finished.

isDelegationFinished

public boolean isDelegationFinished()

Description copied from interface: ExtendedGSSContext

Used during delegation to determine the state of the delegation.

Specified by:

isDelegationFinished in interface ExtendedGSSContext

Returns:

true if delegation was completed, false otherwise.

inquireByOid

public java.lang.Object inquireByOid(org.ietf.jgss.Oid oid)
                              throws org.ietf.jgss.GSSException

Retrieves arbitrary data about this context. Currently supported oid:

• GSSConstants.X509_CERT_CHAIN returns certificate chain of the peer (X509Certificate[]).

Specified by:

inquireByOid in interface ExtendedGSSContext

Parameters:

oid - the oid of the information desired.

Returns:

the information desired. Might be null.

Throws:

org.ietf.jgss.GSSException - containing the following major error codes: GSSException.FAILURE

setBannedCiphers

public void setBannedCiphers(java.lang.String[] ciphers)

Description copied from interface: ExtendedGSSContext

Specifies a list of ciphers that will not be used.

Specified by:

setBannedCiphers in interface ExtendedGSSContext

Parameters:

ciphers - The list of banned ciphers.

getWrapSizeLimit

public int getWrapSizeLimit(int qop,
                   boolean confReq,
                   int maxTokenSize)
                     throws org.ietf.jgss.GSSException

Currently not implemented.

Specified by:

getWrapSizeLimit in interface org.ietf.jgss.GSSContext

Throws:

org.ietf.jgss.GSSException

wrap

public void wrap(java.io.InputStream inStream,
        java.io.OutputStream outStream,
        org.ietf.jgss.MessageProp msgProp)
          throws org.ietf.jgss.GSSException

Currently not implemented.

Specified by:

wrap in interface org.ietf.jgss.GSSContext

Throws:

org.ietf.jgss.GSSException

unwrap

public void unwrap(java.io.InputStream inStream,
          java.io.OutputStream outStream,
          org.ietf.jgss.MessageProp msgProp)
            throws org.ietf.jgss.GSSException

Currently not implemented.

Specified by:

unwrap in interface org.ietf.jgss.GSSContext

Throws:

org.ietf.jgss.GSSException

getMIC

public void getMIC(java.io.InputStream inStream,
          java.io.OutputStream outStream,
          org.ietf.jgss.MessageProp msgProp)
            throws org.ietf.jgss.GSSException

Currently not implemented.

Specified by:

getMIC in interface org.ietf.jgss.GSSContext

Throws:

org.ietf.jgss.GSSException

verifyMIC

public void verifyMIC(java.io.InputStream tokStream,
             java.io.InputStream msgStream,
             org.ietf.jgss.MessageProp msgProp)
               throws org.ietf.jgss.GSSException

Currently not implemented.

Specified by:

verifyMIC in interface org.ietf.jgss.GSSContext

Throws:

org.ietf.jgss.GSSException

setChannelBinding

public void setChannelBinding(org.ietf.jgss.ChannelBinding cb)
                       throws org.ietf.jgss.GSSException

Currently not implemented.

Specified by:

setChannelBinding in interface org.ietf.jgss.GSSContext

Throws:

org.ietf.jgss.GSSException

isTransferable

public boolean isTransferable()
                       throws org.ietf.jgss.GSSException

Currently not implemented.

Specified by:

isTransferable in interface org.ietf.jgss.GSSContext

Throws:

org.ietf.jgss.GSSException

export

public byte[] export()
              throws org.ietf.jgss.GSSException

Currently not implemented.

Specified by:

export in interface org.ietf.jgss.GSSContext

Throws:

org.ietf.jgss.GSSException