linkerlau/my-jdk
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(jdk8): move files to new folder to avoid resources compiled.

Browse Source
This commit is contained in:
linkerlau
2025-09-07 15:25:52 +08:00
parent 3f0047bf6f
commit 8c35cfb1c0
17415 changed files with 217 additions and 213 deletions
Download Patch File Download Diff File Expand all files Collapse all files

212
jdkSrc/jdk8/org/ietf/jgss/ChannelBinding.java Normal file
View File

@@ -0,0 +1,212 @@
/*
* Copyright (c) 2000, 2001, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package org.ietf.jgss;
import java.net.InetAddress;
import java.util.Arrays;
/**
* This class encapsulates the concept of caller-provided channel
* binding information. Channel bindings are used to strengthen the
* quality with which peer entity authentication is provided during
* context establishment. They enable the GSS-API callers to bind the
* establishment of the security context to relevant characteristics
* like addresses or to application specific data.<p>
*
* The caller initiating the security context must determine the
* appropriate channel binding values to set in the GSSContext object.
* The acceptor must provide an identical binding in order to validate
* that received tokens possess correct channel-related characteristics.<p>
*
* Use of channel bindings is optional in GSS-API. ChannelBinding can be
* set for the {@link GSSContext GSSContext} using the {@link
* GSSContext#setChannelBinding(ChannelBinding) setChannelBinding} method
* before the first call to {@link GSSContext#initSecContext(byte[], int, int)
* initSecContext} or {@link GSSContext#acceptSecContext(byte[], int, int)
* acceptSecContext} has been performed. Unless the <code>setChannelBinding</code>
* method has been used to set the ChannelBinding for a GSSContext object,
* <code>null</code> ChannelBinding will be assumed. <p>
*
* Conceptually, the GSS-API concatenates the initiator and acceptor
* address information, and the application supplied byte array to form an
* octet string. The mechanism calculates a MIC over this octet string and
* binds the MIC to the context establishment token emitted by
* <code>initSecContext</code> method of the <code>GSSContext</code>
* interface. The same bindings are set by the context acceptor for its
* <code>GSSContext</code> object and during processing of the
* <code>acceptSecContext</code> method a MIC is calculated in the same
* way. The calculated MIC is compared with that found in the token, and if
* the MICs differ, accept will throw a <code>GSSException</code> with the
* major code set to {@link GSSException#BAD_BINDINGS BAD_BINDINGS}, and
* the context will not be established. Some mechanisms may include the
* actual channel binding data in the token (rather than just a MIC);
* applications should therefore not use confidential data as
* channel-binding components.<p>
*
* Individual mechanisms may impose additional constraints on addresses
* that may appear in channel bindings. For example, a mechanism may
* verify that the initiator address field of the channel binding
* contains the correct network address of the host system. Portable
* applications should therefore ensure that they either provide correct
* information for the address fields, or omit setting of the addressing
* information.
*
* @author Mayank Upadhyay
* @since 1.4
*/
public class ChannelBinding {
private InetAddress initiator;
private InetAddress acceptor;
private byte[] appData;
/**
* Create a ChannelBinding object with user supplied address information
* and data. <code>null</code> values can be used for any fields which the
* application does not want to specify.
*
* @param initAddr the address of the context initiator.
* <code>null</code> value can be supplied to indicate that the
* application does not want to set this value.
* @param acceptAddr the address of the context
* acceptor. <code>null</code> value can be supplied to indicate that
* the application does not want to set this value.
* @param appData application supplied data to be used as part of the
* channel bindings. <code>null</code> value can be supplied to
* indicate that the application does not want to set this value.
*/
public ChannelBinding(InetAddress initAddr, InetAddress acceptAddr,
byte[] appData) {
initiator = initAddr;
acceptor = acceptAddr;
if (appData != null) {
this.appData = new byte[appData.length];
java.lang.System.arraycopy(appData, 0, this.appData, 0,
appData.length);
}
}
/**
* Creates a ChannelBinding object without any addressing information.
*
* @param appData application supplied data to be used as part of the
* channel bindings.
*/
public ChannelBinding(byte[] appData) {
this(null, null, appData);
}
/**
* Get the initiator's address for this channel binding.
*
* @return the initiator's address. <code>null</code> is returned if
* the address has not been set.
*/
public InetAddress getInitiatorAddress() {
return initiator;
}
/**
* Get the acceptor's address for this channel binding.
*
* @return the acceptor's address. null is returned if the address has
* not been set.
*/
public InetAddress getAcceptorAddress() {
return acceptor;
}
/**
* Get the application specified data for this channel binding.
*
* @return the application data being used as part of the
* ChannelBinding. <code>null</code> is returned if no application data
* has been specified for the channel binding.
*/
public byte[] getApplicationData() {
if (appData == null) {
return null;
}
byte[] retVal = new byte[appData.length];
System.arraycopy(appData, 0, retVal, 0, appData.length);
return retVal;
}
/**
* Compares two instances of ChannelBinding.
*
* @param obj another ChannelBinding to compare this one with
* @return true if the two ChannelBinding's contain
* the same values for the initiator and acceptor addresses and the
* application data.
*/
public boolean equals(Object obj) {
if (this == obj)
return true;
if (! (obj instanceof ChannelBinding))
return false;
ChannelBinding cb = (ChannelBinding) obj;
if ((initiator != null && cb.initiator == null) ||
(initiator == null && cb.initiator != null))
return false;
if (initiator != null && !initiator.equals(cb.initiator))
return false;
if ((acceptor != null && cb.acceptor == null) ||
(acceptor == null && cb.acceptor != null))
return false;
if (acceptor != null && !acceptor.equals(cb.acceptor))
return false;
return Arrays.equals(appData, cb.appData);
}
/**
* Returns a hashcode value for this ChannelBinding object.
*
* @return a hashCode value
*/
public int hashCode() {
if (initiator != null)
return initiator.hashCode();
else if (acceptor != null)
return acceptor.hashCode();
else if (appData != null)
return new String(appData).hashCode();
else
return 1;
}
}

1347
jdkSrc/jdk8/org/ietf/jgss/GSSContext.java Normal file
View File

File diff suppressed because it is too large Load Diff

370
jdkSrc/jdk8/org/ietf/jgss/GSSCredential.java Normal file
View File

@@ -0,0 +1,370 @@
/*
* Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package org.ietf.jgss;
/**
* This interface encapsulates the GSS-API credentials for an entity. A
* credential contains all the necessary cryptographic information to
* enable the creation of a context on behalf of the entity that it
* represents. It may contain multiple, distinct, mechanism specific
* credential elements, each containing information for a specific
* security mechanism, but all referring to the same entity. A credential
* may be used to perform context initiation, acceptance, or both.<p>
*
* Credentials are instantiated using one of the
* <code>createCredential</code> methods in the {@link GSSManager
* GSSManager} class. GSS-API credential creation is not
* intended to provide a "login to the network" function, as such a
* function would involve the creation of new credentials rather than
* merely acquiring a handle to existing credentials. The
* <a href=package-summary.html#useSubjectCredsOnly>section on credential
* acquisition</a> in the package level description describes
* how existing credentials are acquired in the Java platform. GSS-API
* implementations must impose a local access-control policy on callers to
* prevent unauthorized callers from acquiring credentials to which they
* are not entitled. <p>
*
* Applications will create a credential object passing the desired
* parameters. The application can then use the query methods to obtain
* specific information about the instantiated credential object.
* When the credential is no longer needed, the application should call
* the {@link #dispose() dispose} method to release any resources held by
* the credential object and to destroy any cryptographically sensitive
* information.<p>
*
* This example code demonstrates the creation of a GSSCredential
* implementation for a specific entity, querying of its fields, and its
* release when it is no longer needed:<p>
* <pre>
* GSSManager manager = GSSManager.getInstance();
*
* // start by creating a name object for the entity
* GSSName name = manager.createName("myusername", GSSName.NT_USER_NAME);
*
* // now acquire credentials for the entity
* GSSCredential cred = manager.createCredential(name,
* GSSCredential.ACCEPT_ONLY);
*
* // display credential information - name, remaining lifetime,
* // and the mechanisms it has been acquired over
* System.out.println(cred.getName().toString());
* System.out.println(cred.getRemainingLifetime());
*
* Oid [] mechs = cred.getMechs();
* if (mechs != null) {
* for (int i = 0; i < mechs.length; i++)
* System.out.println(mechs[i].toString());
* }
*
* // release system resources held by the credential
* cred.dispose();
* </pre>
*
* @see GSSManager#createCredential(int)
* @see GSSManager#createCredential(GSSName, int, Oid, int)
* @see GSSManager#createCredential(GSSName, int, Oid[], int)
* @see #dispose()
*
* @author Mayank Upadhyay
* @since 1.4
*/
public interface GSSCredential extends Cloneable{
/**
* Credential usage flag requesting that it be usable
* for both context initiation and acceptance.
*
*/
public static final int INITIATE_AND_ACCEPT = 0;
/**
* Credential usage flag requesting that it be usable
* for context initiation only.
*
*/
public static final int INITIATE_ONLY = 1;
/**
* Credential usage flag requesting that it be usable
* for context acceptance only.
*
*/
public static final int ACCEPT_ONLY = 2;
/**
* A lifetime constant representing the default credential lifetime. This
* value it set to 0.
*/
public static final int DEFAULT_LIFETIME = 0;
/**
* A lifetime constant representing indefinite credential lifetime.
* This value must is set to the maximum integer value in Java -
* {@link java.lang.Integer#MAX_VALUE Integer.MAX_VALUE}.
*/
public static final int INDEFINITE_LIFETIME = Integer.MAX_VALUE;
/**
* Releases any sensitive information that the GSSCredential object may
* be containing. Applications should call this method as soon as the
* credential is no longer needed to minimize the time any sensitive
* information is maintained.
*
* @throws GSSException containing the following
* major error codes:
* {@link GSSException#FAILURE GSSException.FAILURE}
*/
public void dispose() throws GSSException;
/**
* Retrieves the name of the entity that the credential asserts.
*
* @return a GSSName representing the entity
*
* @throws GSSException containing the following
* major error codes:
* {@link GSSException#FAILURE GSSException.FAILURE}
*/
public GSSName getName() throws GSSException;
/**
* Retrieves a Mechanism Name of the entity that the credential
* asserts. This is equivalent to calling {@link
* GSSName#canonicalize(Oid) canonicalize} on the value returned by
* the other form of {@link #getName() getName}.
*
* @param mech the Oid of the mechanism for which the Mechanism Name
* should be returned.
* @return a GSSName representing the entity canonicalized for the
* desired mechanism
*
* @throws GSSException containing the following
* major error codes:
* {@link GSSException#BAD_MECH GSSException.BAD_MECH},
* {@link GSSException#FAILURE GSSException.FAILURE}
*/
public GSSName getName(Oid mech) throws GSSException;
/**
* Returns the remaining lifetime in seconds for a credential. The
* remaining lifetime is the minimum lifetime amongst all of the underlying
* mechanism specific credential elements.
*
* @return the minimum remaining lifetime in seconds for this
* credential. A return value of {@link #INDEFINITE_LIFETIME
* INDEFINITE_LIFETIME} indicates that the credential does
* not expire. A return value of 0 indicates that the credential is
* already expired.
*
* @see #getRemainingInitLifetime(Oid)
* @see #getRemainingAcceptLifetime(Oid)
*
* @throws GSSException containing the following
* major error codes:
* {@link GSSException#FAILURE GSSException.FAILURE}
*/
public int getRemainingLifetime() throws GSSException;
/**
* Returns the lifetime in seconds for the credential to remain capable
* of initiating security contexts using the specified mechanism. This
* method queries the initiator credential element that belongs to the
* specified mechanism.
*
* @return the number of seconds remaining in the life of this credential
* element. A return value of {@link #INDEFINITE_LIFETIME
* INDEFINITE_LIFETIME} indicates that the credential element does not
* expire. A return value of 0 indicates that the credential element is
* already expired.
*
* @param mech the Oid of the mechanism whose initiator credential element
* should be queried.
*
* @throws GSSException containing the following
* major error codes:
* {@link GSSException#BAD_MECH GSSException.BAD_MECH},
* {@link GSSException#FAILURE GSSException.FAILURE}
*/
public int getRemainingInitLifetime(Oid mech) throws GSSException;
/**
* Returns the lifetime in seconds for the credential to remain capable
* of accepting security contexts using the specified mechanism. This
* method queries the acceptor credential element that belongs to the
* specified mechanism.
*
* @return the number of seconds remaining in the life of this credential
* element. A return value of {@link #INDEFINITE_LIFETIME
* INDEFINITE_LIFETIME} indicates that the credential element does not
* expire. A return value of 0 indicates that the credential element is
* already expired.
*
* @param mech the Oid of the mechanism whose acceptor credential element
* should be queried.
*
* @throws GSSException containing the following
* major error codes:
* {@link GSSException#BAD_MECH GSSException.BAD_MECH},
* {@link GSSException#FAILURE GSSException.FAILURE}
*/
public int getRemainingAcceptLifetime(Oid mech) throws GSSException;
/**
* Returns the credential usage mode. In other words, it
* tells us if this credential can be used for initiating or accepting
* security contexts. It does not tell us which mechanism(s) has to be
* used in order to do so. It is expected that an application will allow
* the GSS-API to pick a default mechanism after calling this method.
*
* @return The return value will be one of {@link #INITIATE_ONLY
* INITIATE_ONLY}, {@link #ACCEPT_ONLY ACCEPT_ONLY}, and {@link
* #INITIATE_AND_ACCEPT INITIATE_AND_ACCEPT}.
*
* @throws GSSException containing the following
* major error codes:
* {@link GSSException#FAILURE GSSException.FAILURE}
*/
public int getUsage() throws GSSException;
/**
* Returns the credential usage mode for a specific mechanism. In other
* words, it tells us if this credential can be used
* for initiating or accepting security contexts with a given underlying
* mechanism.
*
* @return The return value will be one of {@link #INITIATE_ONLY
* INITIATE_ONLY}, {@link #ACCEPT_ONLY ACCEPT_ONLY}, and {@link
* #INITIATE_AND_ACCEPT INITIATE_AND_ACCEPT}.
* @param mech the Oid of the mechanism whose credentials usage mode is
* to be determined.
*
* @throws GSSException containing the following
* major error codes:
* {@link GSSException#BAD_MECH GSSException.BAD_MECH},
* {@link GSSException#FAILURE GSSException.FAILURE}
*/
public int getUsage(Oid mech) throws GSSException;
/**
* Returns a list of mechanisms supported by this credential. It does
* not tell us which ones can be used to initiate
* contexts and which ones can be used to accept contexts. The
* application must call the {@link #getUsage(Oid) getUsage} method with
* each of the returned Oid's to determine the possible modes of
* usage.
*
* @return an array of Oid's corresponding to the supported mechanisms.
*
* @throws GSSException containing the following
* major error codes:
* {@link GSSException#FAILURE GSSException.FAILURE}
*/
public Oid[] getMechs() throws GSSException;
/**
* Adds a mechanism specific credential-element to an existing
* credential. This method allows the construction of credentials, one
* mechanism at a time.<p>
*
* This routine is envisioned to be used mainly by context acceptors
* during the creation of acceptor credentials which are to be used
* with a variety of clients using different security mechanisms.<p>
*
* This routine adds the new credential element "in-place". To add the
* element in a new credential, first call <code>clone</code> to obtain a
* copy of this credential, then call its <code>add</code> method.<p>
*
* As always, GSS-API implementations must impose a local access-control
* policy on callers to prevent unauthorized callers from acquiring
* credentials to which they are not entitled.
*
* Non-default values for initLifetime and acceptLifetime cannot always
* be honored by the underlying mechanisms, thus callers should be
* prepared to call {@link #getRemainingInitLifetime(Oid)
* getRemainingInitLifetime} and {@link #getRemainingAcceptLifetime(Oid)
* getRemainingAcceptLifetime} on the credential.
*
* @param name the name of the principal for whom this credential is to
* be acquired. Use <code>null</code> to specify the default
* principal.
* @param initLifetime the number of seconds that the credential element
* should remain valid for initiating of security contexts. Use {@link
* GSSCredential#INDEFINITE_LIFETIME GSSCredential.INDEFINITE_LIFETIME}
* to request that the credentials have the maximum permitted lifetime
* for this. Use {@link GSSCredential#DEFAULT_LIFETIME
* GSSCredential.DEFAULT_LIFETIME} to request default credential lifetime
* for this.
* @param acceptLifetime the number of seconds that the credential
* element should remain valid for accepting security contexts. Use {@link
* GSSCredential#INDEFINITE_LIFETIME GSSCredential.INDEFINITE_LIFETIME}
* to request that the credentials have the maximum permitted lifetime
* for this. Use {@link GSSCredential#DEFAULT_LIFETIME
* GSSCredential.DEFAULT_LIFETIME} to request default credential lifetime
* for this.
* @param mech the mechanism over which the credential is to be acquired.
* @param usage the usage mode that this credential
* element should add to the credential. The value
* of this parameter must be one of:
* {@link #INITIATE_AND_ACCEPT INITIATE_AND_ACCEPT},
* {@link #ACCEPT_ONLY ACCEPT_ONLY}, and
* {@link #INITIATE_ONLY INITIATE_ONLY}.
*
* @throws GSSException containing the following
* major error codes:
* {@link GSSException#DUPLICATE_ELEMENT
* GSSException.DUPLICATE_ELEMENT},
* {@link GSSException#BAD_MECH GSSException.BAD_MECH},
* {@link GSSException#BAD_NAMETYPE GSSException.BAD_NAMETYPE},
* {@link GSSException#NO_CRED GSSException.NO_CRED},
* {@link GSSException#CREDENTIALS_EXPIRED
* GSSException.CREDENTIALS_EXPIRED},
* {@link GSSException#FAILURE GSSException.FAILURE}
*/
public void add(GSSName name, int initLifetime, int acceptLifetime,
Oid mech, int usage) throws GSSException;
/**
* Tests if this GSSCredential asserts the same entity as the supplied
* object. The two credentials must be acquired over the same
* mechanisms and must refer to the same principal.
*
* @return <code>true</code> if the two GSSCredentials assert the same
* entity; <code>false</code> otherwise.
* @param another another GSSCredential for comparison to this one
*/
public boolean equals(Object another);
/**
* Returns a hashcode value for this GSSCredential.
*
* @return a hashCode value
*/
public int hashCode();
}

403
jdkSrc/jdk8/org/ietf/jgss/GSSException.java Normal file
View File

@@ -0,0 +1,403 @@
/*
* Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package org.ietf.jgss;
/**
* This exception is thrown whenever a GSS-API error occurs, including
* any mechanism specific error. It may contain both the major and the
* minor GSS-API status codes. Major error codes are those defined at the
* GSS-API level in this class. Minor error codes are mechanism specific
* error codes that can provide additional information. The underlying
* mechanism implementation is responsible for setting appropriate minor
* status codes when throwing this exception. Aside from delivering the
* numeric error codes to the caller, this class performs the mapping from
* their numeric values to textual representations. <p>
*
* @author Mayank Upadhyay
* @since 1.4
*/
public class GSSException extends Exception {
private static final long serialVersionUID = -2706218945227726672L;
/**
* Channel bindings mismatch.
*/
public static final int BAD_BINDINGS = 1; //start with 1
/**
* Unsupported mechanism requested.
*/
public static final int BAD_MECH = 2;
/**
* Invalid name provided.
*/
public static final int BAD_NAME = 3;
/**
* Name of unsupported type provided.
*/
public static final int BAD_NAMETYPE = 4;
/**
* Invalid status code.
*/
/*
* This is meant to be thrown by display_status which displays
* major/minor status when an incorrect status type is passed in to it!
*/
public static final int BAD_STATUS = 5;
/**
* Token had invalid integrity check.
*/
public static final int BAD_MIC = 6;
/**
* Security context expired.
*/
public static final int CONTEXT_EXPIRED = 7;
/**
* Expired credentials.
*/
public static final int CREDENTIALS_EXPIRED = 8;
/**
* Defective credentials.
*
*/
public static final int DEFECTIVE_CREDENTIAL = 9;
/**
* Defective token.
*
*/
public static final int DEFECTIVE_TOKEN = 10;
/**
* General failure, unspecified at GSS-API level.
*/
public static final int FAILURE = 11;
/**
* Invalid security context.
*/
public static final int NO_CONTEXT = 12;
/**
* Invalid credentials.
*/
public static final int NO_CRED = 13;
/**
* Unsupported QOP value.
*/
public static final int BAD_QOP = 14;
/**
* Operation unauthorized.
*/
public static final int UNAUTHORIZED = 15;
/**
* Operation unavailable.
*/
public static final int UNAVAILABLE = 16;
/**
* Duplicate credential element requested.
*/
public static final int DUPLICATE_ELEMENT = 17;
/**
* Name contains multi-mechanism elements.
*/
public static final int NAME_NOT_MN = 18;
/**
* The token was a duplicate of an earlier token.
* This is a fatal error code that may occur during
* context establishment. It is not used to indicate
* supplementary status values. The MessageProp object is
* used for that purpose.
*/
public static final int DUPLICATE_TOKEN = 19;
/**
* The token's validity period has expired. This is a
* fatal error code that may occur during context establishment.
* It is not used to indicate supplementary status values.
* The MessageProp object is used for that purpose.
*/
public static final int OLD_TOKEN = 20;
/**
* A later token has already been processed. This is a
* fatal error code that may occur during context establishment.
* It is not used to indicate supplementary status values.
* The MessageProp object is used for that purpose.
*/
public static final int UNSEQ_TOKEN = 21;
/**
* An expected per-message token was not received. This is a
* fatal error code that may occur during context establishment.
* It is not used to indicate supplementary status values.
* The MessageProp object is used for that purpose.
*/
public static final int GAP_TOKEN = 22;
private static String[] messages = {
"Channel binding mismatch", // BAD_BINDINGS
"Unsupported mechanism requested", // BAD_MECH
"Invalid name provided", // BAD_NAME
"Name of unsupported type provided", //BAD_NAMETYPE
"Invalid input status selector", // BAD_STATUS
"Token had invalid integrity check", // BAD_SIG
"Specified security context expired", // CONTEXT_EXPIRED
"Expired credentials detected", // CREDENTIALS_EXPIRED
"Defective credential detected", // DEFECTIVE_CREDENTIAL
"Defective token detected", // DEFECTIVE_TOKEN
"Failure unspecified at GSS-API level", // FAILURE
"Security context init/accept not yet called or context deleted",
// NO_CONTEXT
"No valid credentials provided", // NO_CRED
"Unsupported QOP value", // BAD_QOP
"Operation unauthorized", // UNAUTHORIZED
"Operation unavailable", // UNAVAILABLE
"Duplicate credential element requested", //DUPLICATE_ELEMENT
"Name contains multi-mechanism elements", // NAME_NOT_MN
"The token was a duplicate of an earlier token", //DUPLICATE_TOKEN
"The token's validity period has expired", //OLD_TOKEN
"A later token has already been processed", //UNSEQ_TOKEN
"An expected per-message token was not received", //GAP_TOKEN
};
/**
* The major code for this exception
*
* @serial
*/
private int major;
/**
* The minor code for this exception
*
* @serial
*/
private int minor = 0;
/**
* The text string for minor code
*
* @serial
*/
private String minorMessage = null;
/**
* Alternate text string for major code
*
* @serial
*/
private String majorString = null;
/**
* Creates a GSSException object with a specified major code.
*
* @param majorCode the The GSS error code for the problem causing this
* exception to be thrown.
*/
public GSSException (int majorCode) {
if (validateMajor(majorCode))
major = majorCode;
else
major = FAILURE;
}
/**
* Construct a GSSException object with a specified major code and a
* specific major string for it.
*
* @param majorCode the fatal error code causing this exception.
* @param majorString an expicit message to be included in this exception
*/
GSSException (int majorCode, String majorString) {
if (validateMajor(majorCode))
major = majorCode;
else
major = FAILURE;
this.majorString = majorString;
}
/**
* Creates a GSSException object with the specified major code, minor
* code, and minor code textual explanation. This constructor is to be
* used when the exception is originating from the underlying mechanism
* level. It allows the setting of both the GSS code and the mechanism
* code.
*
* @param majorCode the GSS error code for the problem causing this
* exception to be thrown.
* @param minorCode the mechanism level error code for the problem
* causing this exception to be thrown.
* @param minorString the textual explanation of the mechanism error
* code.
*/
public GSSException (int majorCode, int minorCode, String minorString) {
if (validateMajor(majorCode))
major = majorCode;
else
major = FAILURE;
minor = minorCode;
minorMessage = minorString;
}
/**
* Returns the GSS-API level major error code for the problem causing
* this exception to be thrown. Major error codes are
* defined at the mechanism independent GSS-API level in this
* class. Mechanism specific error codes that might provide more
* information are set as the minor error code.
*
* @return int the GSS-API level major error code causing this exception
* @see #getMajorString
* @see #getMinor
* @see #getMinorString
*/
public int getMajor() {
return major;
}
/**
* Returns the mechanism level error code for the problem causing this
* exception to be thrown. The minor code is set by the underlying
* mechanism.
*
* @return int the mechanism error code; 0 indicates that it has not
* been set.
* @see #getMinorString
* @see #setMinor
*/
public int getMinor(){
return minor;
}
/**
* Returns a string explaining the GSS-API level major error code in
* this exception.
*
* @return String explanation string for the major error code
* @see #getMajor
* @see #toString
*/
public String getMajorString() {
if (majorString != null)
return majorString;
else
return messages[major - 1];
}
/**
* Returns a string explaining the mechanism specific error code.
* If the minor status code is 0, then no mechanism level error details
* will be available.
*
* @return String a textual explanation of mechanism error code
* @see #getMinor
* @see #getMajorString
* @see #toString
*/
public String getMinorString() {
return minorMessage;
}
/**
* Used by the exception thrower to set the mechanism
* level minor error code and its string explanation. This is used by
* mechanism providers to indicate error details.
*
* @param minorCode the mechanism specific error code
* @param message textual explanation of the mechanism error code
* @see #getMinor
*/
public void setMinor(int minorCode, String message) {
minor = minorCode;
minorMessage = message;
}
/**
* Returns a textual representation of both the major and the minor
* status codes.
*
* @return a String with the error descriptions
*/
public String toString() {
return ("GSSException: " + getMessage());
}
/**
* Returns a textual representation of both the major and the minor
* status codes.
*
* @return a String with the error descriptions
*/
public String getMessage() {
if (minor == 0)
return (getMajorString());
return (getMajorString()
+ " (Mechanism level: " + getMinorString() + ")");
}
/*
* Validates the major code in the proper range.
*/
private boolean validateMajor(int major) {
if (major > 0 && major <= messages.length)
return (true);
return (false);
}
}

729
jdkSrc/jdk8/org/ietf/jgss/GSSManager.java Normal file
View File

@@ -0,0 +1,729 @@
/*
* Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package org.ietf.jgss;
import java.security.Provider;
/**
* This class serves as a factory for other important
* GSS-API classes and also provides information about the mechanisms that
* are supported. It can create instances of classes
* implementing the following three GSS-API interfaces: {@link
* GSSName GSSName}, {@link GSSCredential GSSCredential}, and {@link
* GSSContext GSSContext}. It also has methods to query for the list
* of available mechanisms and the nametypes that each mechanism
* supports.<p>
*
* An instance of the default <code>GSSManager</code> subclass
* may be obtained through the static method {@link #getInstance()
* getInstance}, but applications are free to instantiate other subclasses
* of <code>GSSManager</code>. The default <code>GSSManager</code> instance
* will support the Kerberos v5 GSS-API mechanism in addition to any
* others. This mechanism is identified by the Oid "1.2.840.113554.1.2.2"
* and is defined in RFC 1964.<p>
*
* A subclass extending the <code>GSSManager</code> abstract class may be
* implemented as a modular provider based layer that utilizes some well
* known service provider specification. The <code>GSSManager</code> API
* allows the application to set provider preferences on
* such an implementation. These methods also allow the implementation to
* throw a well-defined exception in case provider based configuration is
* not supported. Applications that expect to be portable should be aware
* of this and recover cleanly by catching the exception.<p>
*
* It is envisioned that there will be three most common ways in which
* providers will be used:<p>
* <ol>
* <li> The application does not care about what provider is used (the
* default case).
* <li> The application wants a particular provider to be used
* preferentially, either for a particular mechanism or all the
* time, irrespective of mechanism.
* <li> The application wants to use the locally configured providers
* as far as possible but if support is missing for one or more
* mechanisms then it wants to fall back on its own provider.
*</ol><p>
*
* The <code>GSSManager</code> class has two methods that enable these modes of
* usage: {@link #addProviderAtFront(Provider, Oid) addProviderAtFront} and
* {@link #addProviderAtEnd(Provider, Oid) addProviderAtEnd}. These methods
* have the effect of creating an ordered list of <i>&lt;provider,
* oid&gt;</i> pairs where each pair indicates a preference of provider
* for a given oid.<p>
*
* It is important to note that there are certain interactions
* between the different GSS-API objects that are created by a
* GSSManager, where the provider that is used for a particular mechanism
* might need to be consistent across all objects. For instance, if a
* GSSCredential contains elements from a provider <i>p</i> for a mechanism
* <i>m</i>, it should generally be passed in to a GSSContext that will use
* provider <i>p</i> for the mechanism <i>m</i>. A simple rule of thumb
* that will maximize portability is that objects created from different
* GSSManager's should not be mixed, and if possible, a different
* GSSManager instance should be created if the application wants to invoke
* the <code>addProviderAtFront</code> method on a GSSManager that has
* already created an object.<p>
*
* Here is some sample code showing how the GSSManager might be used: <p>
* <pre>
* GSSManager manager = GSSManager.getInstance();
*
* Oid krb5Mechanism = new Oid("1.2.840.113554.1.2.2");
* Oid krb5PrincipalNameType = new Oid("1.2.840.113554.1.2.2.1");
*
* // Identify who the client wishes to be
* GSSName userName = manager.createName("duke", GSSName.NT_USER_NAME);
*
* // Identify the name of the server. This uses a Kerberos specific
* // name format.
* GSSName serverName = manager.createName("nfs/foo.sun.com",
* krb5PrincipalNameType);
*
* // Acquire credentials for the user
* GSSCredential userCreds = manager.createCredential(userName,
* GSSCredential.DEFAULT_LIFETIME,
* krb5Mechanism,
* GSSCredential.INITIATE_ONLY);
*
* // Instantiate and initialize a security context that will be
* // established with the server
* GSSContext context = manager.createContext(serverName,
* krb5Mechanism,
* userCreds,
* GSSContext.DEFAULT_LIFETIME);
* </pre><p>
*
* The server side might use the following variation of this source:<p>
*
* <pre>
* // Acquire credentials for the server
* GSSCredential serverCreds = manager.createCredential(serverName,
* GSSCredential.DEFAULT_LIFETIME,
* krb5Mechanism,
* GSSCredential.ACCEPT_ONLY);
*
* // Instantiate and initialize a security context that will
* // wait for an establishment request token from the client
* GSSContext context = manager.createContext(serverCreds);
* </pre>
*
* @author Mayank Upadhyay
* @see GSSName
* @see GSSCredential
* @see GSSContext
* @since 1.4
*/
public abstract class GSSManager {
/**
* Returns the default GSSManager implementation.
*
* @return a GSSManager implementation
*/
public static GSSManager getInstance() {
return new sun.security.jgss.GSSManagerImpl();
}
/**
* Returns a list of mechanisms that are available to GSS-API callers
* through this GSSManager. The default GSSManager obtained from the
* {@link #getInstance() getInstance()} method includes the Oid
* "1.2.840.113554.1.2.2" in its list. This Oid identifies the Kerberos
* v5 GSS-API mechanism that is defined in RFC 1964.
*
* @return an array of Oid objects corresponding to the mechanisms that
* are available. A <code>null</code> value is returned when no
* mechanism are available (an example of this would be when mechanism
* are dynamically configured, and currently no mechanisms are
* installed).
*/
public abstract Oid[] getMechs();
/**
* Returns then name types supported by the indicated mechanism.<p>
*
* The default GSSManager instance includes support for the Kerberos v5
* mechanism. When this mechanism ("1.2.840.113554.1.2.2") is indicated,
* the returned list will contain at least the following nametypes:
* {@link GSSName#NT_HOSTBASED_SERVICE GSSName.NT_HOSTBASED_SERVICE},
* {@link GSSName#NT_EXPORT_NAME GSSName.NT_EXPORT_NAME}, and the
* Kerberos v5 specific Oid "1.2.840.113554.1.2.2.1". The namespace for
* the Oid "1.2.840.113554.1.2.2.1" is defined in RFC 1964.
*
* @return an array of Oid objects corresponding to the name types that
* the mechanism supports.
* @param mech the Oid of the mechanism to query
*
* @see #getMechsForName(Oid)
*
* @throws GSSException containing the following
* major error codes:
* {@link GSSException#BAD_MECH GSSException.BAD_MECH}
* {@link GSSException#FAILURE GSSException.FAILURE}
*/
public abstract Oid[] getNamesForMech(Oid mech)
throws GSSException;
/**
* Returns a list of mechanisms that support the indicated name type.<p>
*
* The Kerberos v5 mechanism ("1.2.840.113554.1.2.2") will always be
* returned in this list when the indicated nametype is one of
* {@link GSSName#NT_HOSTBASED_SERVICE GSSName.NT_HOSTBASED_SERVICE},
* {@link GSSName#NT_EXPORT_NAME GSSName.NT_EXPORT_NAME}, or
* "1.2.840.113554.1.2.2.1".
*
* @return an array of Oid objects corresponding to the mechanisms that
* support the specified name type. <code>null</code> is returned when no
* mechanisms are found to support the specified name type.
* @param nameType the Oid of the name type to look for
*
* @see #getNamesForMech(Oid)
*/
public abstract Oid[] getMechsForName(Oid nameType);
/**
* Factory method to convert a string name from the
* specified namespace to a GSSName object. In general, the
* <code>GSSName</code> object created will contain multiple
* representations of the name, one for each mechanism that is
* supported; two examples that are exceptions to this are when
* the namespace type parameter indicates NT_EXPORT_NAME or when the
* GSS-API implementation is not multi-mechanism. It is
* not recommended to use this method with a NT_EXPORT_NAME type because
* representing a previously exported name consisting of arbitrary bytes
* as a String might cause problems with character encoding schemes. In
* such cases it is recommended that the bytes be passed in directly to
* the overloaded form of this method {@link #createName(byte[],
* Oid) createName}.
*
* @param nameStr the string representing a printable form of the name to
* create.
* @param nameType the Oid specifying the namespace of the printable name
* supplied. <code>null</code> can be used to specify
* that a mechanism specific default printable syntax should
* be assumed by each mechanism that examines nameStr.
* It is not advisable to use the nametype NT_EXPORT_NAME with this
* method.
* @return a GSSName representing the indicated principal
*
* @see GSSName
* @see GSSName#NT_EXPORT_NAME
*
* @throws GSSException containing the following
* major error codes:
* {@link GSSException#BAD_NAMETYPE GSSException.BAD_NAMETYPE},
* {@link GSSException#BAD_NAME GSSException.BAD_NAME},
* {@link GSSException#BAD_MECH GSSException.BAD_MECH},
* {@link GSSException#FAILURE GSSException.FAILURE}
*/
public abstract GSSName createName(String nameStr, Oid nameType)
throws GSSException;
/**
* Factory method to convert a byte array containing a
* name from the specified namespace to a GSSName object. In general,
* the <code>GSSName</code> object created will contain multiple
* representations of the name, one for each mechanism that is
* supported; two examples that are exceptions to this are when the
* namespace type parameter indicates NT_EXPORT_NAME or when the
* GSS-API implementation is not multi-mechanism. The bytes that are
* passed in are interpreted by each underlying mechanism according to
* some encoding scheme of its choice for the given nametype.
*
* @param name the byte array containing the name to create
* @param nameType the Oid specifying the namespace of the name supplied
* in the byte array. <code>null</code> can be used to specify that a
* mechanism specific default syntax should be assumed by each mechanism
* that examines the byte array.
* @return a GSSName representing the indicated principal
*
* @see GSSName
* @see GSSName#NT_EXPORT_NAME
*
* @throws GSSException containing the following
* major error codes:
* {@link GSSException#BAD_NAMETYPE GSSException.BAD_NAMETYPE},
* {@link GSSException#BAD_NAME GSSException.BAD_NAME},
* {@link GSSException#BAD_MECH GSSException.BAD_MECH},
* {@link GSSException#FAILURE GSSException.FAILURE}
*/
public abstract GSSName createName(byte name[], Oid nameType)
throws GSSException;
/**
* Factory method to convert a string name from the
* specified namespace to a GSSName object and canonicalize it at the
* same time for a mechanism. In other words, this method is
* a utility that does the equivalent of two steps: the {@link
* #createName(String, Oid) createName} and then also the {@link
* GSSName#canonicalize(Oid) GSSName.canonicalize}.
*
* @param nameStr the string representing a printable form of the name to
* create.
* @param nameType the Oid specifying the namespace of the printable name
* supplied. <code>null</code> can be used to specify
* that a mechanism specific default printable syntax should
* be assumed by each mechanism that examines nameStr.
* It is not advisable to use the nametype NT_EXPORT_NAME with this
* method.
* @param mech Oid specifying the mechanism for which the name should be
* canonicalized
* @return a GSSName representing the indicated principal
*
* @see GSSName#canonicalize(Oid)
* @see GSSName#NT_EXPORT_NAME
*
* @throws GSSException containing the following
* major error codes:
* {@link GSSException#BAD_NAMETYPE GSSException.BAD_NAMETYPE},
* {@link GSSException#BAD_NAME GSSException.BAD_NAME},
* {@link GSSException#BAD_MECH GSSException.BAD_MECH},
* {@link GSSException#FAILURE GSSException.FAILURE}
*/
public abstract GSSName createName(String nameStr, Oid nameType,
Oid mech) throws GSSException;
/**
* Factory method to convert a byte array containing a
* name from the specified namespace to a GSSName object and canonicalize
* it at the same time for a mechanism. In other words, this method is a
* utility that does the equivalent of two steps: the {@link
* #createName(byte[], Oid) createName} and then also {@link
* GSSName#canonicalize(Oid) GSSName.canonicalize}.
*
* @param name the byte array containing the name to create
* @param nameType the Oid specifying the namespace of the name supplied
* in the byte array. <code>null</code> can be used to specify that a
* mechanism specific default syntax should be assumed by each mechanism
* that examines the byte array.
* @param mech Oid specifying the mechanism for which the name should be
* canonicalized
* @return a GSSName representing the indicated principal
*
* @see GSSName#canonicalize(Oid)
* @see GSSName#NT_EXPORT_NAME
*
* @throws GSSException containing the following
* major error codes:
* {@link GSSException#BAD_NAMETYPE GSSException.BAD_NAMETYPE},
* {@link GSSException#BAD_NAME GSSException.BAD_NAME},
* {@link GSSException#BAD_MECH GSSException.BAD_MECH},
* {@link GSSException#FAILURE GSSException.FAILURE}
*/
public abstract GSSName createName(byte name[], Oid nameType, Oid mech)
throws GSSException;
/**
* Factory method for acquiring default credentials. This will cause
* the GSS-API to use system specific defaults for the set of mechanisms,
* name, and lifetime.<p>
*
* GSS-API mechanism providers must impose a local access-control
* policy on callers to prevent unauthorized callers from acquiring
* credentials to which they are not entitled. The kinds of permissions
* needed by different mechanism providers will be documented on a
* per-mechanism basis. A failed permission check might cause a {@link
* java.lang.SecurityException SecurityException} to be thrown from
* this method.
*
* @param usage The intended usage for this credential object. The value
* of this parameter must be one of:
* {@link GSSCredential#INITIATE_AND_ACCEPT
* GSSCredential.INITIATE_AND_ACCEPT},
* {@link GSSCredential#ACCEPT_ONLY GSSCredential.ACCEPT_ONLY}, and
* {@link GSSCredential#INITIATE_ONLY GSSCredential.INITIATE_ONLY}.
* @return a GSSCredential of the requested type.
*
* @see GSSCredential
*
* @throws GSSException containing the following
* major error codes:
* {@link GSSException#BAD_MECH GSSException.BAD_MECH},
* {@link GSSException#BAD_NAMETYPE GSSException.BAD_NAMETYPE},
* {@link GSSException#BAD_NAME GSSException.BAD_NAME},
* {@link GSSException#CREDENTIALS_EXPIRED
* GSSException.CREDENTIALS_EXPIRED},
* {@link GSSException#NO_CRED GSSException.NO_CRED},
* {@link GSSException#FAILURE GSSException.FAILURE}
*/
public abstract GSSCredential createCredential (int usage)
throws GSSException;
/**
* Factory method for acquiring a single mechanism credential.<p>
*
* GSS-API mechanism providers must impose a local access-control
* policy on callers to prevent unauthorized callers from acquiring
* credentials to which they are not entitled. The kinds of permissions
* needed by different mechanism providers will be documented on a
* per-mechanism basis. A failed permission check might cause a {@link
* java.lang.SecurityException SecurityException} to be thrown from
* this method. <p>
*
* Non-default values for lifetime cannot always be honored by the
* underlying mechanisms, thus applications should be prepared to call
* {@link GSSCredential#getRemainingLifetime() getRemainingLifetime}
* on the returned credential.<p>
*
* @param name the name of the principal for whom this credential is to be
* acquired. Use <code>null</code> to specify the default principal.
* @param lifetime The number of seconds that credentials should remain
* valid. Use {@link GSSCredential#INDEFINITE_LIFETIME
* GSSCredential.INDEFINITE_LIFETIME} to request that the credentials
* have the maximum permitted lifetime. Use {@link
* GSSCredential#DEFAULT_LIFETIME GSSCredential.DEFAULT_LIFETIME} to
* request default credential lifetime.
* @param mech the Oid of the desired mechanism. Use <code>(Oid) null
* </code> to request the default mechanism.
* @param usage The intended usage for this credential object. The value
* of this parameter must be one of:
* {@link GSSCredential#INITIATE_AND_ACCEPT
* GSSCredential.INITIATE_AND_ACCEPT},
* {@link GSSCredential#ACCEPT_ONLY GSSCredential.ACCEPT_ONLY}, and
* {@link GSSCredential#INITIATE_ONLY GSSCredential.INITIATE_ONLY}.
* @return a GSSCredential of the requested type.
*
* @see GSSCredential
*
* @throws GSSException containing the following
* major error codes:
* {@link GSSException#BAD_MECH GSSException.BAD_MECH},
* {@link GSSException#BAD_NAMETYPE GSSException.BAD_NAMETYPE},
* {@link GSSException#BAD_NAME GSSException.BAD_NAME},
* {@link GSSException#CREDENTIALS_EXPIRED
* GSSException.CREDENTIALS_EXPIRED},
* {@link GSSException#NO_CRED GSSException.NO_CRED},
* {@link GSSException#FAILURE GSSException.FAILURE}
*/
public abstract GSSCredential createCredential (GSSName name,
int lifetime, Oid mech, int usage)
throws GSSException;
/**
* Factory method for acquiring credentials over a set of
* mechanisms. This method attempts to acquire credentials for
* each of the mechanisms specified in the array called mechs. To
* determine the list of mechanisms for which the acquisition of
* credentials succeeded, the caller should use the {@link
* GSSCredential#getMechs() GSSCredential.getMechs} method.<p>
*
* GSS-API mechanism providers must impose a local access-control
* policy on callers to prevent unauthorized callers from acquiring
* credentials to which they are not entitled. The kinds of permissions
* needed by different mechanism providers will be documented on a
* per-mechanism basis. A failed permission check might cause a {@link
* java.lang.SecurityException SecurityException} to be thrown from
* this method.<p>
*
* Non-default values for lifetime cannot always be honored by the
* underlying mechanisms, thus applications should be prepared to call
* {@link GSSCredential#getRemainingLifetime() getRemainingLifetime}
* on the returned credential.<p>
*
* @param name the name of the principal for whom this credential is to
* be acquired. Use <code>null</code> to specify the default
* principal.
* @param lifetime The number of seconds that credentials should remain
* valid. Use {@link GSSCredential#INDEFINITE_LIFETIME
* GSSCredential.INDEFINITE_LIFETIME} to request that the credentials
* have the maximum permitted lifetime. Use {@link
* GSSCredential#DEFAULT_LIFETIME GSSCredential.DEFAULT_LIFETIME} to
* request default credential lifetime.
* @param mechs an array of Oid's indicating the mechanisms over which
* the credential is to be acquired. Use <code>(Oid[]) null</code> for
* requesting a system specific default set of mechanisms.
* @param usage The intended usage for this credential object. The value
* of this parameter must be one of:
* {@link GSSCredential#INITIATE_AND_ACCEPT
* GSSCredential.INITIATE_AND_ACCEPT},
* {@link GSSCredential#ACCEPT_ONLY GSSCredential.ACCEPT_ONLY}, and
* {@link GSSCredential#INITIATE_ONLY GSSCredential.INITIATE_ONLY}.
* @return a GSSCredential of the requested type.
*
* @see GSSCredential
*
* @throws GSSException containing the following
* major error codes:
* {@link GSSException#BAD_MECH GSSException.BAD_MECH},
* {@link GSSException#BAD_NAMETYPE GSSException.BAD_NAMETYPE},
* {@link GSSException#BAD_NAME GSSException.BAD_NAME},
* {@link GSSException#CREDENTIALS_EXPIRED
* GSSException.CREDENTIALS_EXPIRED},
* {@link GSSException#NO_CRED GSSException.NO_CRED},
* {@link GSSException#FAILURE GSSException.FAILURE}
*/
public abstract GSSCredential createCredential(GSSName name,
int lifetime, Oid mechs[], int usage)
throws GSSException;
/**
* Factory method for creating a context on the initiator's
* side.
*
* Some mechanism providers might require that the caller be granted
* permission to initiate a security context. A failed permission check
* might cause a {@link java.lang.SecurityException SecurityException}
* to be thrown from this method.<p>
*
* Non-default values for lifetime cannot always be honored by the
* underlying mechanism, thus applications should be prepared to call
* {@link GSSContext#getLifetime() getLifetime} on the returned
* context.<p>
*
* @param peer the name of the target peer.
* @param mech the Oid of the desired mechanism. Use <code>null</code>
* to request the default mechanism.
* @param myCred the credentials of the initiator. Use
* <code>null</code> to act as the default initiator principal.
* @param lifetime the lifetime, in seconds, requested for the
* context. Use {@link GSSContext#INDEFINITE_LIFETIME
* GSSContext.INDEFINITE_LIFETIME} to request that the context have the
* maximum permitted lifetime. Use {@link GSSContext#DEFAULT_LIFETIME
* GSSContext.DEFAULT_LIFETIME} to request a default lifetime for the
* context.
* @return an unestablished GSSContext
*
* @see GSSContext
*
* @throws GSSException containing the following
* major error codes:
* {@link GSSException#NO_CRED GSSException.NO_CRED}
* {@link GSSException#CREDENTIALS_EXPIRED
* GSSException.CREDENTIALS_EXPIRED}
* {@link GSSException#BAD_NAMETYPE GSSException.BAD_NAMETYPE}
* {@link GSSException#BAD_MECH GSSException.BAD_MECH}
* {@link GSSException#FAILURE GSSException.FAILURE}
*/
public abstract GSSContext createContext(GSSName peer, Oid mech,
GSSCredential myCred, int lifetime)
throws GSSException;
/**
* Factory method for creating a context on the acceptor' side. The
* context's properties will be determined from the input token supplied
* to the accept method.
*
* Some mechanism providers might require that the caller be granted
* permission to accept a security context. A failed permission check
* might cause a {@link java.lang.SecurityException SecurityException}
* to be thrown from this method.
*
* @param myCred the credentials for the acceptor. Use
* <code>null</code> to act as a default acceptor principal.
* @return an unestablished GSSContext
*
* @see GSSContext
*
* @throws GSSException containing the following
* major error codes:
* {@link GSSException#NO_CRED GSSException.NO_CRED}
* {@link GSSException#CREDENTIALS_EXPIRED
* GSSException.CREDENTIALS_EXPIRED}
* {@link GSSException#BAD_MECH GSSException.BAD_MECH}
* {@link GSSException#FAILURE GSSException.FAILURE}
*/
public abstract GSSContext createContext(GSSCredential myCred)
throws GSSException;
/**
* Factory method for creating a previously exported context. The
* context properties will be determined from the input token and
* cannot be modified through the set methods.<p>
*
* Implementations are not required to support the inter-process
* transfer of security contexts. Before exporting a context, calling
* the {@link GSSContext#isTransferable() GSSContext.isTransferable}
* will indicate if the context is transferable. Calling this method in
* an implementation that does not support it will result in a
* <code>GSSException</code> with the error
* code {@link GSSException#UNAVAILABLE GSSException.UNAVAILABLE}.
*
* Some mechanism providers might require that the caller be granted
* permission to initiate or accept a security context. A failed
* permission check might cause a {@link java.lang.SecurityException
* SecurityException} to be thrown from this method.
*
* @param interProcessToken the token previously emitted from the
* export method.
* @return the previously established GSSContext
*
* @see GSSContext
*
* @throws GSSException containing the following
* major error codes:
* {@link GSSException#NO_CONTEXT GSSException.NO_CONTEXT},
* {@link GSSException#DEFECTIVE_TOKEN GSSException.DEFECTIVE_TOKEN},
* {@link GSSException#UNAVAILABLE GSSException.UNAVAILABLE},
* {@link GSSException#UNAUTHORIZED GSSException.UNAUTHORIZED},
* {@link GSSException#FAILURE GSSException.FAILURE}
*/
public abstract GSSContext createContext(byte [] interProcessToken)
throws GSSException;
/**
* This method is used to indicate to the GSSManager that the
* application would like a particular provider to be used ahead of all
* others when support is desired for the given mechanism. When a value
* of null is used instead of an <code>Oid</code> for the mechanism,
* the GSSManager must use the indicated provider ahead of all others
* no matter what the mechanism is. Only when the indicated provider
* does not support the needed mechanism should the GSSManager move on
* to a different provider.<p>
*
* Calling this method repeatedly preserves the older settings but
* lowers them in preference thus forming an ordered list of provider
* and <code>Oid</code> pairs that grows at the top.<p>
*
* Calling addProviderAtFront with a null <code>Oid</code> will remove
* all previous preferences that were set for this provider in the
* GSSManager instance. Calling addProviderAtFront with a non-null
* <code>Oid</code> will remove any previous preference that was set
* using this mechanism and this provider together.<p>
*
* If the GSSManager implementation does not support an SPI with a
* pluggable provider architecture it should throw a GSSException with
* the status code GSSException.UNAVAILABLE to indicate that the
* operation is unavailable.<p>
*
* Suppose an application desired that the provider A always be checked
* first when any mechanism is needed, it would call:<p>
* <pre>
* GSSManager mgr = GSSManager.getInstance();
* // mgr may at this point have its own pre-configured list
* // of provider preferences. The following will prepend to
* // any such list:
*
* mgr.addProviderAtFront(A, null);
* </pre>
* Now if it also desired that the mechanism of Oid m1 always be
* obtained from the provider B before the previously set A was checked,
* it would call:<p>
* <pre>
* mgr.addProviderAtFront(B, m1);
* </pre>
* The GSSManager would then first check with B if m1 was needed. In
* case B did not provide support for m1, the GSSManager would continue
* on to check with A. If any mechanism m2 is needed where m2 is
* different from m1 then the GSSManager would skip B and check with A
* directly.<p>
*
* Suppose at a later time the following call is made to the same
* GSSManager instance:<p>
* <pre>
* mgr.addProviderAtFront(B, null)
* </pre>
* then the previous setting with the pair (B, m1) is subsumed by this
* and should be removed. Effectively the list of preferences now
* becomes {(B, null), (A, null),
* ... //followed by the pre-configured list.<p>
*
* Please note, however, that the following call:
* <pre>
* mgr.addProviderAtFront(A, m3)
* </pre>
* does not subsume the previous setting of (A, null) and the list will
* effectively become {(A, m3), (B, null), (A, null), ...}
*
* @param p the provider instance that should be used whenever support
* is needed for mech.
* @param mech the mechanism for which the provider is being set
*
* @throws GSSException containing the following
* major error codes:
* {@link GSSException#UNAVAILABLE GSSException.UNAVAILABLE},
* {@link GSSException#FAILURE GSSException.FAILURE}
*/
public abstract void addProviderAtFront(Provider p, Oid mech)
throws GSSException;
/**
* This method is used to indicate to the GSSManager that the
* application would like a particular provider to be used if no other
* provider can be found that supports the given mechanism. When a value
* of null is used instead of an Oid for the mechanism, the GSSManager
* must use the indicated provider for any mechanism.<p>
*
* Calling this method repeatedly preserves the older settings but
* raises them above newer ones in preference thus forming an ordered
* list of providers and Oid pairs that grows at the bottom. Thus the
* older provider settings will be utilized first before this one is.<p>
*
* If there are any previously existing preferences that conflict with
* the preference being set here, then the GSSManager should ignore this
* request.<p>
*
* If the GSSManager implementation does not support an SPI with a
* pluggable provider architecture it should throw a GSSException with
* the status code GSSException.UNAVAILABLE to indicate that the
* operation is unavailable.<p>
*
* Suppose an application desired that when a mechanism of Oid m1 is
* needed the system default providers always be checked first, and only
* when they do not support m1 should a provider A be checked. It would
* then make the call:<p>
* <pre>
* GSSManager mgr = GSSManager.getInstance();
* mgr.addProviderAtEnd(A, m1);
* </pre>
* Now, if it also desired that for all mechanisms the provider B be
* checked after all configured providers have been checked, it would
* then call:<p>
* <pre>
* mgr.addProviderAtEnd(B, null);
* </pre>
* Effectively the list of preferences now becomes {..., (A, m1), (B,
* null)}.<p>
*
* Suppose at a later time the following call is made to the same
* GSSManager instance:<p>
* <pre>
* mgr.addProviderAtEnd(B, m2)
* </pre>
* then the previous setting with the pair (B, null) subsumes this and
* therefore this request should be ignored. The same would happen if a
* request is made for the already existing pairs of (A, m1) or (B,
* null).<p>
*
* Please note, however, that the following call:<p>
* <pre>
* mgr.addProviderAtEnd(A, null)
* </pre>
* is not subsumed by the previous setting of (A, m1) and the list will
* effectively become {..., (A, m1), (B, null), (A, null)}
*
* @param p the provider instance that should be used whenever support
* is needed for mech.
* @param mech the mechanism for which the provider is being set
*
* @throws GSSException containing the following
* major error codes:
* {@link GSSException#UNAVAILABLE GSSException.UNAVAILABLE},
* {@link GSSException#FAILURE GSSException.FAILURE}
*/
public abstract void addProviderAtEnd(Provider p, Oid mech)
throws GSSException;
}

295
jdkSrc/jdk8/org/ietf/jgss/GSSName.java Normal file
View File

@@ -0,0 +1,295 @@
/*
* Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package org.ietf.jgss;
import sun.security.jgss.spi.*;
import java.util.Vector;
import java.util.Enumeration;
/**
* This interface encapsulates a single GSS-API principal entity. The
* application obtains an implementation of this interface
* through one of the <code>createName</code> methods that exist in the {@link
* GSSManager GSSManager} class. Conceptually a GSSName contains many
* representations of the entity or many primitive name elements, one for
* each supported underlying mechanism. In GSS terminology, a GSSName that
* contains an element from just one mechanism is called a Mechanism Name
* (MN)<p>
*
* Since different authentication mechanisms may employ different
* namespaces for identifying their principals, GSS-API's naming support is
* necessarily complex in multi-mechanism environments (or even in some
* single-mechanism environments where the underlying mechanism supports
* multiple namespaces). Different name formats and their definitions are
* identified with {@link Oid Oid's} and some standard types
* are defined in this interface. The format of the names can be derived
* based on the unique <code>Oid</code> of its name type.<p>
*
* Included below are code examples utilizing the <code>GSSName</code> interface.
* The code below creates a <code>GSSName</code>, converts it to an MN, performs a
* comparison, obtains a printable representation of the name, exports it
* to a byte array and then re-imports to obtain a
* new <code>GSSName</code>.<p>
* <pre>
* GSSManager manager = GSSManager.getInstance();
*
* // create a host based service name
* GSSName name = manager.createName("service@host",
* GSSName.NT_HOSTBASED_SERVICE);
*
* Oid krb5 = new Oid("1.2.840.113554.1.2.2");
*
* GSSName mechName = name.canonicalize(krb5);
*
* // the above two steps are equivalent to the following
* GSSName mechName = manager.createName("service@host",
* GSSName.NT_HOSTBASED_SERVICE, krb5);
*
* // perform name comparison
* if (name.equals(mechName))
* print("Names are equals.");
*
* // obtain textual representation of name and its printable
* // name type
* print(mechName.toString() +
* mechName.getStringNameType().toString());
*
* // export and re-import the name
* byte [] exportName = mechName.export();
*
* // create a new name object from the exported buffer
* GSSName newName = manager.createName(exportName,
* GSSName.NT_EXPORT_NAME);
*
* </pre>
* @see #export()
* @see #equals(GSSName)
* @see GSSManager#createName(String, Oid)
* @see GSSManager#createName(String, Oid, Oid)
* @see GSSManager#createName(byte[], Oid)
*
* @author Mayank Upadhyay
* @since 1.4
*/
public interface GSSName {
/**
* Oid indicating a host-based service name form. It is used to
* represent services associated with host computers. This name form
* is constructed using two elements, "service" and "hostname", as
* follows: service@hostname.<p>
*
* It represents the following Oid value:<br>
* <code>{ iso(1) member-body(2) United
* States(840) mit(113554) infosys(1) gssapi(2) generic(1) service_name(4)
* }</code>
*/
public static final Oid NT_HOSTBASED_SERVICE
= Oid.getInstance("1.2.840.113554.1.2.1.4");
/**
* Name type to indicate a named user on a local system.<p>
* It represents the following Oid value:<br>
* <code>{ iso(1) member-body(2) United
* States(840) mit(113554) infosys(1) gssapi(2) generic(1) user_name(1)
* }</code>
*/
public static final Oid NT_USER_NAME
= Oid.getInstance("1.2.840.113554.1.2.1.1");
/**
* Name type to indicate a numeric user identifier corresponding to a
* user on a local system. (e.g. Uid).<p>
*
* It represents the following Oid value:<br>
* <code>{ iso(1) member-body(2) United States(840) mit(113554)
* infosys(1) gssapi(2) generic(1) machine_uid_name(2) }</code>
*/
public static final Oid NT_MACHINE_UID_NAME
= Oid.getInstance("1.2.840.113554.1.2.1.2");
/**
* Name type to indicate a string of digits representing the numeric
* user identifier of a user on a local system.<p>
*
* It represents the following Oid value:<br>
* <code>{ iso(1) member-body(2) United
* States(840) mit(113554) infosys(1) gssapi(2) generic(1)
* string_uid_name(3) }</code>
*/
public static final Oid NT_STRING_UID_NAME
= Oid.getInstance("1.2.840.113554.1.2.1.3");
/**
* Name type for representing an anonymous entity.<p>
* It represents the following Oid value:<br>
* <code>{ 1(iso), 3(org), 6(dod), 1(internet),
* 5(security), 6(nametypes), 3(gss-anonymous-name) }</code>
*/
public static final Oid NT_ANONYMOUS
= Oid.getInstance("1.3.6.1.5.6.3");
/**
* Name type used to indicate an exported name produced by the export
* method.<p>
*
* It represents the following Oid value:<br> <code>{ 1(iso),
* 3(org), 6(dod), 1(internet), 5(security), 6(nametypes),
* 4(gss-api-exported-name) }</code>
*/
public static final Oid NT_EXPORT_NAME
= Oid.getInstance("1.3.6.1.5.6.4");
/**
* Compares two <code>GSSName</code> objects to determine if they refer to the
* same entity.
*
* @param another the <code>GSSName</code> to compare this name with
* @return true if the two names contain at least one primitive element
* in common. If either of the names represents an anonymous entity, the
* method will return false.
*
* @throws GSSException when the names cannot be compared, containing the following
* major error codes:
* {@link GSSException#BAD_NAMETYPE GSSException.BAD_NAMETYPE},
* {@link GSSException#FAILURE GSSException.FAILURE}
*/
public boolean equals(GSSName another) throws GSSException;
/**
* Compares this <code>GSSName</code> object to another Object that might be a
* <code>GSSName</code>. The behaviour is exactly the same as in {@link
* #equals(GSSName) equals} except that no GSSException is thrown;
* instead, false will be returned in the situation where an error
* occurs.
* @return true if the object to compare to is also a <code>GSSName</code> and the two
* names refer to the same entity.
* @param another the object to compare this name to
* @see #equals(GSSName)
*/
public boolean equals(Object another);
/**
* Returns a hashcode value for this GSSName.
*
* @return a hashCode value
*/
public int hashCode();
/**
* Creates a name that is canonicalized for some
* mechanism.
*
* @return a <code>GSSName</code> that contains just one primitive
* element representing this name in a canonicalized form for the desired
* mechanism.
* @param mech the oid for the mechanism for which the canonical form of
* the name is requested.
*
* @throws GSSException containing the following
* major error codes:
* {@link GSSException#BAD_MECH GSSException.BAD_MECH},
* {@link GSSException#BAD_NAMETYPE GSSException.BAD_NAMETYPE},
* {@link GSSException#BAD_NAME GSSException.BAD_NAME},
* {@link GSSException#FAILURE GSSException.FAILURE}
*/
public GSSName canonicalize(Oid mech) throws GSSException;
/**
* Returns a canonical contiguous byte representation of a mechanism name
* (MN), suitable for direct, byte by byte comparison by authorization
* functions. If the name is not an MN, implementations may throw a
* GSSException with the NAME_NOT_MN status code. If an implementation
* chooses not to throw an exception, it should use some system specific
* default mechanism to canonicalize the name and then export
* it. Structurally, an exported name object consists of a header
* containing an OID identifying the mechanism that authenticated the
* name, and a trailer containing the name itself, where the syntax of
* the trailer is defined by the individual mechanism specification. The
* format of the header of the output buffer is specified in RFC 2743.<p>
*
* The exported name is useful when used in large access control lists
* where the overhead of creating a <code>GSSName</code> object on each
* name and invoking the equals method on each name from the ACL may be
* prohibitive.<p>
*
* Exported names may be re-imported by using the byte array factory
* method {@link GSSManager#createName(byte[], Oid)
* GSSManager.createName} and specifying the NT_EXPORT_NAME as the name
* type object identifier. The resulting <code>GSSName</code> name will
* also be a MN.<p>
* @return a byte[] containing the exported name. RFC 2743 defines the
* "Mechanism-Independent Exported Name Object Format" for these bytes.
*
* @throws GSSException containing the following
* major error codes:
* {@link GSSException#BAD_NAME GSSException.BAD_NAME},
* {@link GSSException#BAD_NAMETYPE GSSException.BAD_NAMETYPE},
* {@link GSSException#FAILURE GSSException.FAILURE}
*/
public byte[] export() throws GSSException;
/**
* Returns a textual representation of the <code>GSSName</code> object. To retrieve
* the printed name format, which determines the syntax of the returned
* string, use the {@link #getStringNameType() getStringNameType}
* method.
*
* @return a String representing this name in printable form.
*/
public String toString();
/**
* Returns the name type of the printable
* representation of this name that can be obtained from the <code>
* toString</code> method.
*
* @return an Oid representing the namespace of the name returned
* from the toString method.
*
* @throws GSSException containing the following
* major error codes:
* {@link GSSException#FAILURE GSSException.FAILURE}
*/
public Oid getStringNameType() throws GSSException;
/**
* Tests if this name object represents an anonymous entity.
*
* @return true if this is an anonymous name, false otherwise.
*/
public boolean isAnonymous();
/**
* Tests if this name object represents a Mechanism Name (MN). An MN is
* a GSSName the contains exactly one mechanism's primitive name
* element.
*
* @return true if this is an MN, false otherwise.
*/
public boolean isMN();
}

235
jdkSrc/jdk8/org/ietf/jgss/MessageProp.java Normal file
View File

@@ -0,0 +1,235 @@
/*
* Copyright (c) 2000, 2001, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package org.ietf.jgss;
/**
* This is a utility class used within the per-message GSSContext
* methods to convey per-message properties.<p>
*
* When used with the GSSContext interface's wrap and getMIC methods, an
* instance of this class is used to indicate the desired
* Quality-of-Protection (QOP) and to request if confidentiality services
* are to be applied to caller supplied data (wrap only). To request
* default QOP, the value of 0 should be used for QOP.<p>
*
* When used with the unwrap and verifyMIC methods of the GSSContext
* interface, an instance of this class will be used to indicate the
* applied QOP and confidentiality services over the supplied message.
* In the case of verifyMIC, the confidentiality state will always be
* <code>false</code>. Upon return from these methods, this object will also
* contain any supplementary status values applicable to the processed
* token. The supplementary status values can indicate old tokens, out
* of sequence tokens, gap tokens or duplicate tokens.<p>
*
* @see GSSContext#wrap
* @see GSSContext#unwrap
* @see GSSContext#getMIC
* @see GSSContext#verifyMIC
*
* @author Mayank Upadhyay
* @since 1.4
*/
public class MessageProp {
private boolean privacyState;
private int qop;
private boolean dupToken;
private boolean oldToken;
private boolean unseqToken;
private boolean gapToken;
private int minorStatus;
private String minorString;
/**
* Constructor which sets the desired privacy state. The QOP value used
* is 0.
*
* @param privState the privacy (i.e. confidentiality) state
*/
public MessageProp(boolean privState) {
this(0, privState);
}
/**
* Constructor which sets the values for the qop and privacy state.
*
* @param qop the QOP value
* @param privState the privacy (i.e. confidentiality) state
*/
public MessageProp(int qop, boolean privState) {
this.qop = qop;
this.privacyState = privState;
resetStatusValues();
}
/**
* Retrieves the QOP value.
*
* @return an int representing the QOP value
* @see #setQOP
*/
public int getQOP() {
return qop;
}
/**
* Retrieves the privacy state.
*
* @return true if the privacy (i.e., confidentiality) state is true,
* false otherwise.
* @see #setPrivacy
*/
public boolean getPrivacy() {
return (privacyState);
}
/**
* Sets the QOP value.
*
* @param qop the int value to set the QOP to
* @see #getQOP
*/
public void setQOP(int qop) {
this.qop = qop;
}
/**
* Sets the privacy state.
*
* @param privState true is the privacy (i.e., confidentiality) state
* is true, false otherwise.
* @see #getPrivacy
*/
public void setPrivacy(boolean privState) {
this.privacyState = privState;
}
/**
* Tests if this is a duplicate of an earlier token.
*
* @return true if this is a duplicate, false otherwise.
*/
public boolean isDuplicateToken() {
return dupToken;
}
/**
* Tests if this token's validity period has expired, i.e., the token
* is too old to be checked for duplication.
*
* @return true if the token's validity period has expired, false
* otherwise.
*/
public boolean isOldToken() {
return oldToken;
}
/**
* Tests if a later token had already been processed.
*
* @return true if a later token had already been processed, false otherwise.
*/
public boolean isUnseqToken() {
return unseqToken;
}
/**
* Tests if an expected token was not received, i.e., one or more
* predecessor tokens have not yet been successfully processed.
*
* @return true if an expected per-message token was not received,
* false otherwise.
*/
public boolean isGapToken() {
return gapToken;
}
/**
* Retrieves the minor status code that the underlying mechanism might
* have set for this per-message operation.
*
* @return the int minor status
*/
public int getMinorStatus(){
return minorStatus;
}
/**
* Retrieves a string explaining the minor status code.
*
* @return a String corresponding to the minor status
* code. <code>null</code> will be returned when no minor status code
* has been set.
*/
public String getMinorString(){
return minorString;
}
/**
* This method sets the state for the supplementary information flags
* and the minor status in MessageProp. It is not used by the
* application but by the GSS implementation to return this information
* to the caller of a per-message context method.
*
* @param duplicate true if the token was a duplicate of an earlier
* token, false otherwise
* @param old true if the token's validity period has expired, false
* otherwise
* @param unseq true if a later token has already been processed, false
* otherwise
* @param gap true if one or more predecessor tokens have not yet been
* successfully processed, false otherwise
* @param minorStatus the int minor status code for the per-message
* operation
* @param minorString the textual representation of the minorStatus value
*/
public void setSupplementaryStates(boolean duplicate,
boolean old, boolean unseq, boolean gap,
int minorStatus, String minorString) {
this.dupToken = duplicate;
this.oldToken = old;
this.unseqToken = unseq;
this.gapToken = gap;
this.minorStatus = minorStatus;
this.minorString = minorString;
}
/**
* Resets the supplementary status values to false.
*/
private void resetStatusValues() {
dupToken = false;
oldToken = false;
unseqToken = false;
gapToken = false;
minorStatus = 0;
minorString = null;
}
}

216
jdkSrc/jdk8/org/ietf/jgss/Oid.java Normal file
View File

@@ -0,0 +1,216 @@
/*
* Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package org.ietf.jgss;
import java.io.InputStream;
import java.io.IOException;
import sun.security.util.DerValue;
import sun.security.util.DerOutputStream;
import sun.security.util.ObjectIdentifier;
/**
* This class represents Universal Object Identifiers (Oids) and their
* associated operations.<p>
*
* Oids are hierarchically globally-interpretable identifiers used
* within the GSS-API framework to identify mechanisms and name formats.<p>
*
* The structure and encoding of Oids is defined in ISOIEC-8824 and
* ISOIEC-8825. For example the Oid representation of Kerberos V5
* mechanism is "1.2.840.113554.1.2.2"<p>
*
* The GSSName name class contains public static Oid objects
* representing the standard name types defined in GSS-API.
*
* @author Mayank Upadhyay
* @since 1.4
*/
public class Oid {
private ObjectIdentifier oid;
private byte[] derEncoding;
/**
* Constructs an Oid object from a string representation of its
* integer components.
*
* @param strOid the dot separated string representation of the oid.
* For instance, "1.2.840.113554.1.2.2".
* @exception GSSException may be thrown when the string is incorrectly
* formatted
*/
public Oid(String strOid) throws GSSException {
try {
oid = new ObjectIdentifier(strOid);
derEncoding = null;
} catch (Exception e) {
throw new GSSException(GSSException.FAILURE,
"Improperly formatted Object Identifier String - "
+ strOid);
}
}
/**
* Creates an Oid object from its ASN.1 DER encoding. This refers to
* the full encoding including tag and length. The structure and
* encoding of Oids is defined in ISOIEC-8824 and ISOIEC-8825. This
* method is identical in functionality to its byte array counterpart.
*
* @param derOid stream containing the DER encoded oid
* @exception GSSException may be thrown when the DER encoding does not
* follow the prescribed format.
*/
public Oid(InputStream derOid) throws GSSException {
try {
DerValue derVal = new DerValue(derOid);
derEncoding = derVal.toByteArray();
oid = derVal.getOID();
} catch (IOException e) {
throw new GSSException(GSSException.FAILURE,
"Improperly formatted ASN.1 DER encoding for Oid");
}
}
/**
* Creates an Oid object from its ASN.1 DER encoding. This refers to
* the full encoding including tag and length. The structure and
* encoding of Oids is defined in ISOIEC-8824 and ISOIEC-8825. This
* method is identical in functionality to its InputStream conterpart.
*
* @param data byte array containing the DER encoded oid
* @exception GSSException may be thrown when the DER encoding does not
* follow the prescribed format.
*/
public Oid(byte [] data) throws GSSException {
try {
DerValue derVal = new DerValue(data);
derEncoding = derVal.toByteArray();
oid = derVal.getOID();
} catch (IOException e) {
throw new GSSException(GSSException.FAILURE,
"Improperly formatted ASN.1 DER encoding for Oid");
}
}
/**
* Only for calling by initializators used with declarations.
*
* @param strOid
*/
static Oid getInstance(String strOid) {
Oid retVal = null;
try {
retVal = new Oid(strOid);
} catch (GSSException e) {
// squelch it!
}
return retVal;
}
/**
* Returns a string representation of the oid's integer components
* in dot separated notation.
*
* @return string representation in the following format: "1.2.3.4.5"
*/
public String toString() {
return oid.toString();
}
/**
* Tests if two Oid objects represent the same Object identifier
* value.
*
* @return <code>true</code> if the two Oid objects represent the same
* value, <code>false</code> otherwise.
* @param other the Oid object that has to be compared to this one
*/
public boolean equals(Object other) {
//check if both reference the same object
if (this == other)
return (true);
if (other instanceof Oid)
return this.oid.equals((Object)((Oid) other).oid);
else if (other instanceof ObjectIdentifier)
return this.oid.equals(other);
else
return false;
}
/**
* Returns the full ASN.1 DER encoding for this oid object, which
* includes the tag and length.
*
* @return byte array containing the DER encoding of this oid object.
* @exception GSSException may be thrown when the oid can't be encoded
*/
public byte[] getDER() throws GSSException {
if (derEncoding == null) {
DerOutputStream dout = new DerOutputStream();
try {
dout.putOID(oid);
} catch (IOException e) {
throw new GSSException(GSSException.FAILURE, e.getMessage());
}
derEncoding = dout.toByteArray();
}
return derEncoding.clone();
}
/**
* A utility method to test if this Oid value is contained within the
* supplied Oid array.
*
* @param oids the array of Oid's to search
* @return true if the array contains this Oid value, false otherwise
*/
public boolean containedIn(Oid[] oids) {
for (int i = 0; i < oids.length; i++) {
if (oids[i].equals(this))
return (true);
}
return (false);
}
/**
* Returns a hashcode value for this Oid.
*
* @return a hashCode value
*/
public int hashCode() {
return oid.hashCode();
}
}