Context.java revision 1536
/*
* Copyright 2008-2009 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
* CA 95054 USA or visit www.sun.com if you need additional information or
* have any questions.
*/
/**
* Context of a JGSS subject, encapsulating Subject and GSSContext.
*
* Three "constructors", which acquire the (private) credentials and fill
* it into the Subject:
*
* 1. static fromJAAS(): Creates a Context using a JAAS login config entry
* 2. static fromUserPass(): Creates a Context using a username and a password
* 3. delegated(): A new context which uses the delegated credentials from a
* previously established acceptor Context
*
* Two context initiators, which create the GSSContext object inside:
*
* 1. startAsClient()
* 2. startAsServer()
*
* Privileged action:
* doAs(): Performs an action in the name of the Subject
*
* Handshake process:
* static handShake(initiator, acceptor)
*
* A four-phase typical data communication which includes all four GSS
* actions (wrap, unwrap, getMic and veryfyMiC):
* static transmit(message, from, to)
*/
public class Context {
private Subject s;
private GSSContext x;
private boolean f; // context established?
private Context() {}
/**
* Using the delegated credentials from a previous acceptor
* @param c
*/
out.s = s;
return out;
}
/**
* Logins with a JAAS login config entry name
*/
return out;
}
/**
* Logins with a username and a password, using Krb5LoginModule directly
* @param storeKey true if key should be saved, used on acceptor side
*/
} else {
}
}
if (storeKey) {
}
return out;
}
/**
* Starts as a client
* @param target communication peer
* @param mech GSS mech
* @throws java.lang.Exception
*/
me.x = m.createContext(
mech,
cred,
return null;
}
}, null);
f = false;
}
/**
* Starts as a server
* @param mech GSS mech
* @throws java.lang.Exception
*/
null,
mech,
return null;
}
}, null);
f = false;
}
/**
* Accesses the internal GSSContext object. Currently it's used for --
*
* 1. calling requestXXX() before handshake
* 2. accessing source name
*
* Note: If the application needs to do any privileged call on this
* object, please use doAs(). Otherwise, it can be done directly. The
* methods listed above are all non-privileged calls.
*
* @return the GSSContext object
*/
public GSSContext x() {
return x;
}
/**
* Disposes the GSSContext within
* @throws org.ietf.jgss.GSSException
*/
public void dispose() throws GSSException {
x.dispose();
}
/**
* Does something using the Subject inside
* @param action the action
* @param in the input byte
* @return the output byte
* @throws java.lang.Exception
*/
try {
}
});
} catch (PrivilegedActionException pae) {
throw pae.getException();
}
}
/**
* Prints status of GSSContext and Subject
* @throws java.lang.Exception
*/
try {
if (x.getAnonymityState()) {
}
if (x.getConfState()) {
}
if (x.getCredDelegState()) {
}
if (x.getIntegState()) {
}
if (x.getMutualAuthState()) {
}
if (x.getReplayDetState()) {
}
if (x.getSequenceDetState()) {
}
} catch (Exception e) {
;// Don't care
}
for (Object o : s.getPrivateCredentials()) {
if (o instanceof KerberosTicket) {
} else if (o instanceof KerberosKey) {
System.out.print(" " + kk.getKeyType() + " " + kk.getVersionNumber() + " " + kk.getAlgorithm() + " ");
for (byte b : kk.getEncoded()) {
}
} else if (o instanceof Map) {
}
}
}
if (x != null && x instanceof ExtendedGSSContext) {
if (x.isEstablished()) {
if (k == null) {
throw new Exception("Session key cannot be null");
}
throw new Exception("Ticket flags cannot be null");
}
throw new Exception("Auth time cannot be null");
}
if (!x.isInitiator()) {
}
}
}
}
/**
* Transmits a message from one Context to another. The sender wraps the
* message and sends it to the receiver. The receiver unwraps it, creates
* a MIC of the clear text and sends it back to the sender. The sender
* verifies the MIC against the message sent earlier.
* @param message the message
* @param s1 the sender
* @param s2 the receiver
* @throws java.lang.Exception If anything goes wrong
*/
return out;
}
}, null);
return bytes;
}
}, t);
// Re-unwrap should make p2.isDuplicateToken() returns true
p1);
return null;
}
}, t);
}
/**
* Returns a string description of a MessageProp object
* @param prop the object
* @return the description
*/
}
/**
* Handshake (security context establishment process) between two Contexts
* @param c the initiator
* @param s the acceptor
* @throws java.lang.Exception
*/
byte[] t = new byte[0];
while (!c.f || !s.f) {
if (me.x.isEstablished()) {
me.f = true;
throw new Exception("Context established but " +
"still receive token at " + c.name);
}
return null;
} else {
}
}
}, t);
if (me.x.isEstablished()) {
me.f = true;
throw new Exception("Context established but " +
"still receive token at " + s.name);
}
return null;
} else {
}
}
}, t);
}
}
}