662 lines
24 KiB
Java
662 lines
24 KiB
Java
/*
|
|
* Copyright (c) 2000, 2009, Oracle and/or its affiliates. All rights reserved.
|
|
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
|
*
|
|
* This code is free software; you can redistribute it and/or modify it
|
|
* under the terms of the GNU General Public License version 2 only, as
|
|
* published by the Free Software Foundation. Oracle designates this
|
|
* particular file as subject to the "Classpath" exception as provided
|
|
* by Oracle in the LICENSE file that accompanied this code.
|
|
*
|
|
* This code is distributed in the hope that it will be useful, but WITHOUT
|
|
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
|
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
|
* version 2 for more details (a copy is included in the LICENSE file that
|
|
* accompanied this code).
|
|
*
|
|
* You should have received a copy of the GNU General Public License version
|
|
* 2 along with this work; if not, write to the Free Software Foundation,
|
|
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
|
|
*
|
|
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
|
|
* or visit www.oracle.com if you need additional information or have any
|
|
* questions.
|
|
*/
|
|
|
|
package sun.security.jgss;
|
|
|
|
import org.ietf.jgss.*;
|
|
import sun.security.jgss.spi.*;
|
|
import sun.security.util.ObjectIdentifier;
|
|
import java.io.InputStream;
|
|
import java.io.OutputStream;
|
|
import java.io.ByteArrayInputStream;
|
|
import java.io.ByteArrayOutputStream;
|
|
import java.io.IOException;
|
|
import com.sun.security.jgss.*;
|
|
|
|
/**
|
|
* This class represents the JGSS security context and its associated
|
|
* operations. JGSS security contexts are established between
|
|
* peers using locally established credentials. Multiple contexts
|
|
* may exist simultaneously between a pair of peers, using the same
|
|
* or different set of credentials. The JGSS is independent of
|
|
* the underlying transport protocols and depends on its callers to
|
|
* transport the tokens between peers.
|
|
* <p>
|
|
* The context object can be thought of as having 3 implicit states:
|
|
* before it is established, during its context establishment, and
|
|
* after a fully established context exists.
|
|
* <p>
|
|
* Before the context establishment phase is initiated, the context
|
|
* initiator may request specific characteristics desired of the
|
|
* established context. These can be set using the set methods. After the
|
|
* context is established, the caller can check the actual characteristic
|
|
* and services offered by the context using the query methods.
|
|
* <p>
|
|
* The context establishment phase begins with the first call to the
|
|
* initSecContext method by the context initiator. During this phase the
|
|
* initSecContext and acceptSecContext methods will produce GSS-API
|
|
* authentication tokens which the calling application needs to send to its
|
|
* peer. The initSecContext and acceptSecContext methods may
|
|
* return a CONTINUE_NEEDED code which indicates that a token is needed
|
|
* from its peer in order to continue the context establishment phase. A
|
|
* return code of COMPLETE signals that the local end of the context is
|
|
* established. This may still require that a token be sent to the peer,
|
|
* depending if one is produced by GSS-API. The isEstablished method can
|
|
* also be used to determine if the local end of the context has been
|
|
* fully established. During the context establishment phase, the
|
|
* isProtReady method may be called to determine if the context can be
|
|
* used for the per-message operations. This allows implementation to
|
|
* use per-message operations on contexts which aren't fully established.
|
|
* <p>
|
|
* After the context has been established or the isProtReady method
|
|
* returns "true", the query routines can be invoked to determine the actual
|
|
* characteristics and services of the established context. The
|
|
* application can also start using the per-message methods of wrap and
|
|
* getMIC to obtain cryptographic operations on application supplied data.
|
|
* <p>
|
|
* When the context is no longer needed, the application should call
|
|
* dispose to release any system resources the context may be using.
|
|
* <DL><DT><B>RFC 2078</b>
|
|
* <DD>This class corresponds to the context level calls together with
|
|
* the per message calls of RFC 2078. The gss_init_sec_context and
|
|
* gss_accept_sec_context calls have been made simpler by only taking
|
|
* required parameters. The context can have its properties set before
|
|
* the first call to initSecContext. The supplementary status codes for the
|
|
* per-message operations are returned in an instance of the MessageProp
|
|
* class, which is used as an argument in these calls.</dl>
|
|
*/
|
|
class GSSContextImpl implements ExtendedGSSContext {
|
|
|
|
private final GSSManagerImpl gssManager;
|
|
private final boolean initiator;
|
|
|
|
// private flags for the context state
|
|
private static final int PRE_INIT = 1;
|
|
private static final int IN_PROGRESS = 2;
|
|
private static final int READY = 3;
|
|
private static final int DELETED = 4;
|
|
|
|
// instance variables
|
|
private int currentState = PRE_INIT;
|
|
|
|
private GSSContextSpi mechCtxt = null;
|
|
private Oid mechOid = null;
|
|
private ObjectIdentifier objId = null;
|
|
|
|
private GSSCredentialImpl myCred = null;
|
|
|
|
private GSSNameImpl srcName = null;
|
|
private GSSNameImpl targName = null;
|
|
|
|
private int reqLifetime = INDEFINITE_LIFETIME;
|
|
private ChannelBinding channelBindings = null;
|
|
|
|
private boolean reqConfState = true;
|
|
private boolean reqIntegState = true;
|
|
private boolean reqMutualAuthState = true;
|
|
private boolean reqReplayDetState = true;
|
|
private boolean reqSequenceDetState = true;
|
|
private boolean reqCredDelegState = false;
|
|
private boolean reqAnonState = false;
|
|
private boolean reqDelegPolicyState = false;
|
|
|
|
/**
|
|
* Creates a GSSContextImp on the context initiator's side.
|
|
*/
|
|
public GSSContextImpl(GSSManagerImpl gssManager, GSSName peer, Oid mech,
|
|
GSSCredential myCred, int lifetime)
|
|
throws GSSException {
|
|
if ((peer == null) || !(peer instanceof GSSNameImpl)) {
|
|
throw new GSSException(GSSException.BAD_NAME);
|
|
}
|
|
if (mech == null) mech = ProviderList.DEFAULT_MECH_OID;
|
|
|
|
this.gssManager = gssManager;
|
|
this.myCred = (GSSCredentialImpl) myCred; // XXX Check first
|
|
reqLifetime = lifetime;
|
|
targName = (GSSNameImpl)peer;
|
|
this.mechOid = mech;
|
|
initiator = true;
|
|
}
|
|
|
|
/**
|
|
* Creates a GSSContextImpl on the context acceptor's side.
|
|
*/
|
|
public GSSContextImpl(GSSManagerImpl gssManager, GSSCredential myCred)
|
|
throws GSSException {
|
|
this.gssManager = gssManager;
|
|
this.myCred = (GSSCredentialImpl) myCred; // XXX Check first
|
|
initiator = false;
|
|
}
|
|
|
|
/**
|
|
* Creates a GSSContextImpl out of a previously exported
|
|
* GSSContext.
|
|
*
|
|
* @see #isTransferable
|
|
*/
|
|
public GSSContextImpl(GSSManagerImpl gssManager, byte[] interProcessToken)
|
|
throws GSSException {
|
|
this.gssManager = gssManager;
|
|
mechCtxt = gssManager.getMechanismContext(interProcessToken);
|
|
initiator = mechCtxt.isInitiator();
|
|
this.mechOid = mechCtxt.getMech();
|
|
}
|
|
|
|
public byte[] initSecContext(byte inputBuf[], int offset, int len)
|
|
throws GSSException {
|
|
/*
|
|
* Size of ByteArrayOutputStream will double each time that extra
|
|
* bytes are to be written. Usually, without delegation, a GSS
|
|
* initial token containing the Kerberos AP-REQ is between 400 and
|
|
* 600 bytes.
|
|
*/
|
|
ByteArrayOutputStream bos = new ByteArrayOutputStream(600);
|
|
ByteArrayInputStream bin =
|
|
new ByteArrayInputStream(inputBuf, offset, len);
|
|
int size = initSecContext(bin, bos);
|
|
return (size == 0? null : bos.toByteArray());
|
|
}
|
|
|
|
public int initSecContext(InputStream inStream,
|
|
OutputStream outStream) throws GSSException {
|
|
|
|
if (mechCtxt != null && currentState != IN_PROGRESS) {
|
|
throw new GSSExceptionImpl(GSSException.FAILURE,
|
|
"Illegal call to initSecContext");
|
|
}
|
|
|
|
GSSHeader gssHeader = null;
|
|
int inTokenLen = -1;
|
|
GSSCredentialSpi credElement = null;
|
|
boolean firstToken = false;
|
|
|
|
try {
|
|
if (mechCtxt == null) {
|
|
if (myCred != null) {
|
|
try {
|
|
credElement = myCred.getElement(mechOid, true);
|
|
} catch (GSSException ge) {
|
|
if (GSSUtil.isSpNegoMech(mechOid) &&
|
|
ge.getMajor() == GSSException.NO_CRED) {
|
|
credElement = myCred.getElement
|
|
(myCred.getMechs()[0], true);
|
|
} else {
|
|
throw ge;
|
|
}
|
|
}
|
|
}
|
|
GSSNameSpi nameElement = targName.getElement(mechOid);
|
|
mechCtxt = gssManager.getMechanismContext(nameElement,
|
|
credElement,
|
|
reqLifetime,
|
|
mechOid);
|
|
mechCtxt.requestConf(reqConfState);
|
|
mechCtxt.requestInteg(reqIntegState);
|
|
mechCtxt.requestCredDeleg(reqCredDelegState);
|
|
mechCtxt.requestMutualAuth(reqMutualAuthState);
|
|
mechCtxt.requestReplayDet(reqReplayDetState);
|
|
mechCtxt.requestSequenceDet(reqSequenceDetState);
|
|
mechCtxt.requestAnonymity(reqAnonState);
|
|
mechCtxt.setChannelBinding(channelBindings);
|
|
mechCtxt.requestDelegPolicy(reqDelegPolicyState);
|
|
|
|
objId = new ObjectIdentifier(mechOid.toString());
|
|
|
|
currentState = IN_PROGRESS;
|
|
firstToken = true;
|
|
} else {
|
|
if (mechCtxt.getProvider().getName().equals("SunNativeGSS") ||
|
|
GSSUtil.isSpNegoMech(mechOid)) {
|
|
// do not parse GSS header for native provider or SPNEGO
|
|
// mech
|
|
} else {
|
|
// parse GSS header
|
|
gssHeader = new GSSHeader(inStream);
|
|
if (!gssHeader.getOid().equals((Object) objId))
|
|
throw new GSSExceptionImpl
|
|
(GSSException.DEFECTIVE_TOKEN,
|
|
"Mechanism not equal to " +
|
|
mechOid.toString() +
|
|
" in initSecContext token");
|
|
inTokenLen = gssHeader.getMechTokenLength();
|
|
}
|
|
}
|
|
|
|
byte[] obuf = mechCtxt.initSecContext(inStream, inTokenLen);
|
|
|
|
int retVal = 0;
|
|
|
|
if (obuf != null) {
|
|
retVal = obuf.length;
|
|
if (mechCtxt.getProvider().getName().equals("SunNativeGSS") ||
|
|
(!firstToken && GSSUtil.isSpNegoMech(mechOid))) {
|
|
// do not add GSS header for native provider or SPNEGO
|
|
// except for the first SPNEGO token
|
|
} else {
|
|
// add GSS header
|
|
gssHeader = new GSSHeader(objId, obuf.length);
|
|
retVal += gssHeader.encode(outStream);
|
|
}
|
|
outStream.write(obuf);
|
|
}
|
|
|
|
if (mechCtxt.isEstablished())
|
|
currentState = READY;
|
|
|
|
return retVal;
|
|
|
|
} catch (IOException e) {
|
|
throw new GSSExceptionImpl(GSSException.DEFECTIVE_TOKEN,
|
|
e.getMessage());
|
|
}
|
|
}
|
|
|
|
public byte[] acceptSecContext(byte inTok[], int offset, int len)
|
|
throws GSSException {
|
|
|
|
/*
|
|
* Usually initial GSS token containing a Kerberos AP-REP is less
|
|
* than 100 bytes.
|
|
*/
|
|
ByteArrayOutputStream bos = new ByteArrayOutputStream(100);
|
|
acceptSecContext(new ByteArrayInputStream(inTok, offset, len),
|
|
bos);
|
|
byte[] out = bos.toByteArray();
|
|
return (out.length == 0) ? null : out;
|
|
}
|
|
|
|
public void acceptSecContext(InputStream inStream,
|
|
OutputStream outStream) throws GSSException {
|
|
|
|
if (mechCtxt != null && currentState != IN_PROGRESS) {
|
|
throw new GSSExceptionImpl(GSSException.FAILURE,
|
|
"Illegal call to acceptSecContext");
|
|
}
|
|
|
|
GSSHeader gssHeader = null;
|
|
int inTokenLen = -1;
|
|
GSSCredentialSpi credElement = null;
|
|
|
|
try {
|
|
if (mechCtxt == null) {
|
|
// mechOid will be null for an acceptor's context
|
|
gssHeader = new GSSHeader(inStream);
|
|
inTokenLen = gssHeader.getMechTokenLength();
|
|
|
|
/*
|
|
* Convert ObjectIdentifier to Oid
|
|
*/
|
|
objId = gssHeader.getOid();
|
|
mechOid = new Oid(objId.toString());
|
|
// System.out.println("Entered GSSContextImpl.acceptSecContext"
|
|
// + " with mechanism = " + mechOid);
|
|
if (myCred != null) {
|
|
credElement = myCred.getElement(mechOid, false);
|
|
}
|
|
|
|
mechCtxt = gssManager.getMechanismContext(credElement,
|
|
mechOid);
|
|
mechCtxt.setChannelBinding(channelBindings);
|
|
|
|
currentState = IN_PROGRESS;
|
|
} else {
|
|
if (mechCtxt.getProvider().getName().equals("SunNativeGSS") ||
|
|
(GSSUtil.isSpNegoMech(mechOid))) {
|
|
// do not parse GSS header for native provider and SPNEGO
|
|
} else {
|
|
// parse GSS Header
|
|
gssHeader = new GSSHeader(inStream);
|
|
if (!gssHeader.getOid().equals((Object) objId))
|
|
throw new GSSExceptionImpl
|
|
(GSSException.DEFECTIVE_TOKEN,
|
|
"Mechanism not equal to " +
|
|
mechOid.toString() +
|
|
" in acceptSecContext token");
|
|
inTokenLen = gssHeader.getMechTokenLength();
|
|
}
|
|
}
|
|
|
|
byte[] obuf = mechCtxt.acceptSecContext(inStream, inTokenLen);
|
|
|
|
if (obuf != null) {
|
|
int retVal = obuf.length;
|
|
if (mechCtxt.getProvider().getName().equals("SunNativeGSS") ||
|
|
(GSSUtil.isSpNegoMech(mechOid))) {
|
|
// do not add GSS header for native provider and SPNEGO
|
|
} else {
|
|
// add GSS header
|
|
gssHeader = new GSSHeader(objId, obuf.length);
|
|
retVal += gssHeader.encode(outStream);
|
|
}
|
|
outStream.write(obuf);
|
|
}
|
|
|
|
if (mechCtxt.isEstablished()) {
|
|
currentState = READY;
|
|
}
|
|
} catch (IOException e) {
|
|
throw new GSSExceptionImpl(GSSException.DEFECTIVE_TOKEN,
|
|
e.getMessage());
|
|
}
|
|
}
|
|
|
|
public boolean isEstablished() {
|
|
if (mechCtxt == null)
|
|
return false;
|
|
else
|
|
return (currentState == READY);
|
|
}
|
|
|
|
public int getWrapSizeLimit(int qop, boolean confReq,
|
|
int maxTokenSize) throws GSSException {
|
|
if (mechCtxt != null)
|
|
return mechCtxt.getWrapSizeLimit(qop, confReq, maxTokenSize);
|
|
else
|
|
throw new GSSExceptionImpl(GSSException.NO_CONTEXT,
|
|
"No mechanism context yet!");
|
|
}
|
|
|
|
public byte[] wrap(byte inBuf[], int offset, int len,
|
|
MessageProp msgProp) throws GSSException {
|
|
if (mechCtxt != null)
|
|
return mechCtxt.wrap(inBuf, offset, len, msgProp);
|
|
else
|
|
throw new GSSExceptionImpl(GSSException.NO_CONTEXT,
|
|
"No mechanism context yet!");
|
|
}
|
|
|
|
public void wrap(InputStream inStream, OutputStream outStream,
|
|
MessageProp msgProp) throws GSSException {
|
|
if (mechCtxt != null)
|
|
mechCtxt.wrap(inStream, outStream, msgProp);
|
|
else
|
|
throw new GSSExceptionImpl(GSSException.NO_CONTEXT,
|
|
"No mechanism context yet!");
|
|
}
|
|
|
|
public byte [] unwrap(byte[] inBuf, int offset, int len,
|
|
MessageProp msgProp) throws GSSException {
|
|
if (mechCtxt != null)
|
|
return mechCtxt.unwrap(inBuf, offset, len, msgProp);
|
|
else
|
|
throw new GSSExceptionImpl(GSSException.NO_CONTEXT,
|
|
"No mechanism context yet!");
|
|
}
|
|
|
|
public void unwrap(InputStream inStream, OutputStream outStream,
|
|
MessageProp msgProp) throws GSSException {
|
|
if (mechCtxt != null)
|
|
mechCtxt.unwrap(inStream, outStream, msgProp);
|
|
else
|
|
throw new GSSExceptionImpl(GSSException.NO_CONTEXT,
|
|
"No mechanism context yet!");
|
|
}
|
|
|
|
public byte[] getMIC(byte []inMsg, int offset, int len,
|
|
MessageProp msgProp) throws GSSException {
|
|
if (mechCtxt != null)
|
|
return mechCtxt.getMIC(inMsg, offset, len, msgProp);
|
|
else
|
|
throw new GSSExceptionImpl(GSSException.NO_CONTEXT,
|
|
"No mechanism context yet!");
|
|
}
|
|
|
|
public void getMIC(InputStream inStream, OutputStream outStream,
|
|
MessageProp msgProp) throws GSSException {
|
|
if (mechCtxt != null)
|
|
mechCtxt.getMIC(inStream, outStream, msgProp);
|
|
else
|
|
throw new GSSExceptionImpl(GSSException.NO_CONTEXT,
|
|
"No mechanism context yet!");
|
|
}
|
|
|
|
public void verifyMIC(byte[] inTok, int tokOffset, int tokLen,
|
|
byte[] inMsg, int msgOffset, int msgLen,
|
|
MessageProp msgProp) throws GSSException {
|
|
if (mechCtxt != null)
|
|
mechCtxt.verifyMIC(inTok, tokOffset, tokLen,
|
|
inMsg, msgOffset, msgLen, msgProp);
|
|
else
|
|
throw new GSSExceptionImpl(GSSException.NO_CONTEXT,
|
|
"No mechanism context yet!");
|
|
}
|
|
|
|
public void verifyMIC(InputStream tokStream, InputStream msgStream,
|
|
MessageProp msgProp) throws GSSException {
|
|
if (mechCtxt != null)
|
|
mechCtxt.verifyMIC(tokStream, msgStream, msgProp);
|
|
else
|
|
throw new GSSExceptionImpl(GSSException.NO_CONTEXT,
|
|
"No mechanism context yet!");
|
|
}
|
|
|
|
public byte[] export() throws GSSException {
|
|
// Defaults to null to match old behavior
|
|
byte[] result = null;
|
|
// Only allow context export from native provider since JGSS
|
|
// still has not defined its own interprocess token format
|
|
if (mechCtxt.isTransferable() &&
|
|
mechCtxt.getProvider().getName().equals("SunNativeGSS")) {
|
|
result = mechCtxt.export();
|
|
}
|
|
return result;
|
|
}
|
|
|
|
public void requestMutualAuth(boolean state) throws GSSException {
|
|
if (mechCtxt == null && initiator)
|
|
reqMutualAuthState = state;
|
|
}
|
|
|
|
public void requestReplayDet(boolean state) throws GSSException {
|
|
if (mechCtxt == null && initiator)
|
|
reqReplayDetState = state;
|
|
}
|
|
|
|
public void requestSequenceDet(boolean state) throws GSSException {
|
|
if (mechCtxt == null && initiator)
|
|
reqSequenceDetState = state;
|
|
}
|
|
|
|
public void requestCredDeleg(boolean state) throws GSSException {
|
|
if (mechCtxt == null && initiator)
|
|
reqCredDelegState = state;
|
|
}
|
|
|
|
public void requestAnonymity(boolean state) throws GSSException {
|
|
if (mechCtxt == null && initiator)
|
|
reqAnonState = state;
|
|
}
|
|
|
|
public void requestConf(boolean state) throws GSSException {
|
|
if (mechCtxt == null && initiator)
|
|
reqConfState = state;
|
|
}
|
|
|
|
public void requestInteg(boolean state) throws GSSException {
|
|
if (mechCtxt == null && initiator)
|
|
reqIntegState = state;
|
|
}
|
|
|
|
public void requestLifetime(int lifetime) throws GSSException {
|
|
if (mechCtxt == null && initiator)
|
|
reqLifetime = lifetime;
|
|
}
|
|
|
|
public void setChannelBinding(ChannelBinding channelBindings)
|
|
throws GSSException {
|
|
|
|
if (mechCtxt == null)
|
|
this.channelBindings = channelBindings;
|
|
|
|
}
|
|
|
|
public boolean getCredDelegState() {
|
|
if (mechCtxt != null)
|
|
return mechCtxt.getCredDelegState();
|
|
else
|
|
return reqCredDelegState;
|
|
}
|
|
|
|
public boolean getMutualAuthState() {
|
|
if (mechCtxt != null)
|
|
return mechCtxt.getMutualAuthState();
|
|
else
|
|
return reqMutualAuthState;
|
|
}
|
|
|
|
public boolean getReplayDetState() {
|
|
if (mechCtxt != null)
|
|
return mechCtxt.getReplayDetState();
|
|
else
|
|
return reqReplayDetState;
|
|
}
|
|
|
|
public boolean getSequenceDetState() {
|
|
if (mechCtxt != null)
|
|
return mechCtxt.getSequenceDetState();
|
|
else
|
|
return reqSequenceDetState;
|
|
}
|
|
|
|
public boolean getAnonymityState() {
|
|
if (mechCtxt != null)
|
|
return mechCtxt.getAnonymityState();
|
|
else
|
|
return reqAnonState;
|
|
}
|
|
|
|
public boolean isTransferable() throws GSSException {
|
|
if (mechCtxt != null)
|
|
return mechCtxt.isTransferable();
|
|
else
|
|
return false;
|
|
}
|
|
|
|
public boolean isProtReady() {
|
|
if (mechCtxt != null)
|
|
return mechCtxt.isProtReady();
|
|
else
|
|
return false;
|
|
}
|
|
|
|
public boolean getConfState() {
|
|
if (mechCtxt != null)
|
|
return mechCtxt.getConfState();
|
|
else
|
|
return reqConfState;
|
|
}
|
|
|
|
public boolean getIntegState() {
|
|
if (mechCtxt != null)
|
|
return mechCtxt.getIntegState();
|
|
else
|
|
return reqIntegState;
|
|
}
|
|
|
|
public int getLifetime() {
|
|
if (mechCtxt != null)
|
|
return mechCtxt.getLifetime();
|
|
else
|
|
return reqLifetime;
|
|
}
|
|
|
|
public GSSName getSrcName() throws GSSException {
|
|
if (srcName == null) {
|
|
srcName = GSSNameImpl.wrapElement
|
|
(gssManager, mechCtxt.getSrcName());
|
|
}
|
|
return srcName;
|
|
}
|
|
|
|
public GSSName getTargName() throws GSSException {
|
|
if (targName == null) {
|
|
targName = GSSNameImpl.wrapElement
|
|
(gssManager, mechCtxt.getTargName());
|
|
}
|
|
return targName;
|
|
}
|
|
|
|
public Oid getMech() throws GSSException {
|
|
if (mechCtxt != null) {
|
|
return mechCtxt.getMech();
|
|
}
|
|
return mechOid;
|
|
}
|
|
|
|
public GSSCredential getDelegCred() throws GSSException {
|
|
|
|
if (mechCtxt == null)
|
|
throw new GSSExceptionImpl(GSSException.NO_CONTEXT,
|
|
"No mechanism context yet!");
|
|
GSSCredentialSpi delCredElement = mechCtxt.getDelegCred();
|
|
return (delCredElement == null ?
|
|
null : new GSSCredentialImpl(gssManager, delCredElement));
|
|
}
|
|
|
|
public boolean isInitiator() throws GSSException {
|
|
return initiator;
|
|
}
|
|
|
|
public void dispose() throws GSSException {
|
|
currentState = DELETED;
|
|
if (mechCtxt != null) {
|
|
mechCtxt.dispose();
|
|
mechCtxt = null;
|
|
}
|
|
myCred = null;
|
|
srcName = null;
|
|
targName = null;
|
|
}
|
|
|
|
// ExtendedGSSContext methods:
|
|
|
|
@Override
|
|
public Object inquireSecContext(InquireType type) throws GSSException {
|
|
SecurityManager security = System.getSecurityManager();
|
|
if (security != null) {
|
|
security.checkPermission(new InquireSecContextPermission(type.toString()));
|
|
}
|
|
if (mechCtxt == null) {
|
|
throw new GSSException(GSSException.NO_CONTEXT);
|
|
}
|
|
return mechCtxt.inquireSecContext(type);
|
|
}
|
|
|
|
@Override
|
|
public void requestDelegPolicy(boolean state) throws GSSException {
|
|
if (mechCtxt == null && initiator)
|
|
reqDelegPolicyState = state;
|
|
}
|
|
|
|
@Override
|
|
public boolean getDelegPolicyState() {
|
|
if (mechCtxt != null)
|
|
return mechCtxt.getDelegPolicyState();
|
|
else
|
|
return reqDelegPolicyState;
|
|
}
|
|
}
|