com.sun.gssapi
Class GSSCredential
java.lang.Object
com.sun.gssapi.GSSCredential
public class GSSCredential
extends java.lang.Object
This class manages GSS-API credentials and their associated
operations. A credential contains all the necessary cryptographic
information to enable the creation of a context on behalf of the
entity that it represents. It may contain multiple distinct mechanism
specific credential elements, each containing mechanism specific
information, and all referring to the same entity.
A credential may be used to perform context initiation, acceptance,
or both.
- RFC 2078
- gss_acquire_cred
- gss_release_cred
- gss_inquire_cred
- gss_add_cred
- gss_inquire_cred_by_mech
static int | ACCEPT_ONLY - Credential usage flag requesting that it be able to be used for context acceptance only.
static int | INDEFINITE - Indefinite lifetime for a credential.
static int | INITIATE_AND_ACCEPT - Credential usage flag requesting that it be able to be used for both context initiation and acceptance.
static int | INITIATE_ONLY - Credential usage flag requesting that it be able to be used for context initiation only.
void | add(GSSName aName, int initLifetime, int acceptLifetime, Oid mech, int usage) - This method enables the construction of credentials one mechanism at a time.
void | dispose() - Used to dispose of any sensitive information that the GSSCredential may be containing.
boolean | equals(Object another) - Tests if this GSSCredential refers to the same entity as the supplied object.
GSSName | getGSSName() - Retrieves the name of the entity that the credential has been acquired for.
GSSName | getGSSName(Oid mechOID) - Queries the selected mechanism for the principal name of the credential.
Oid[] | getMechs() - Returns the mechanism oids over which the credential has been acquired.
int | getRemainingAcceptLifetime(Oid mech) - Returns the remaining lifetime in seconds for the credential to remain capable of accepting security context under the specified mechanism.
int | getRemainingInitLifetime(Oid mech) - Returns the remaining lifetime in seconds for the credential to remain capable of initiating security context under the specified mechanism.
int | getRemainingLifetime() - Obtains the remaining lifetime for a credential.
int | getUsage() - Retrieve the credential usage flag, which is one of INITIATE_ONLY, ACCEPT_ONLY, INITIATE_AND_ACCEPT.
int | getUsage(Oid mechOID) - Retrieve the credential usage flag, which is one of INITIATE_ONLY, ACCEPT_ONLY, INITIATE_AND_ACCEPT, for a specific credential mechanism.
String | toString() - Debugging aid.
ACCEPT_ONLY
public static final int ACCEPT_ONLY
Credential usage flag requesting that it be able to be used
for context acceptance only.
INDEFINITE
public static final int INDEFINITE
Indefinite lifetime for a credential. It is set to the
largest value for an int in Java.
INITIATE_AND_ACCEPT
public static final int INITIATE_AND_ACCEPT
Credential usage flag requesting that it be able to be used
for both context initiation and acceptance.
INITIATE_ONLY
public static final int INITIATE_ONLY
Credential usage flag requesting that it be able to be used
for context initiation only.
GSSCredential
public GSSCredential(GSSName aName,
int usage)
throws GSSException
Constructor for default mechanism credential.
Uses default mechanism and INDEFINITE lifetime.
- RFC 2078
aName
- name of the principal for whom this credential
is to be acquired
usage
- the intended usage for this credential; this
must be one of the constants defined in this class
GSSException
- with possible major codes of FAILURE and
BAD_NAME
GSSCredential
public GSSCredential(GSSName aName,
int lifetime,
Oid mechOid,
int usage)
throws GSSException
Constructor for a single mechanism credential.
null values can be specified for name and mechanism to obtain
system specific defaults.
- RFC 2078
aName
- name of the principal for whom this credential
is to be acquired; use null for system specific default
principal
lifetime
- the duration of this credential
mechOid
- mechanism over which this credential is to
be acquired
usage
- the intended usage for this credential; this
must be one of the constants defined in this class
GSSException
- with possible major codes of FAILURE,
BAD_MECH, and BAD_NAME
GSSCredential
public GSSCredential(GSSName aName,
int lifetime,
Oid[] mechs,
int usage)
throws GSSException
Constructor for a credential over a set of mechanisms.
Acquires credentials for each of the mechanisms specified
in the mechs array. A null value can be used for aName to obtain
the system specific default. To determine for which mechanisms
the credential was successfully acquired, use the getMechs
method. Note that this call is equivalent to creating a
single mechanism credential and using the add method to extend
the credential over other mechanisms.
- RFC 2078
aName
- name of the principal for whom this credential
is to be acquired; use null for system specific default
principal
lifetime
- the desired duration of this credential
mechs
- mechanisms over which this credential is to
be acquired
usage
- the intended usage for this credential; this
must be one of the constants defined in this class
GSSException
- with possible major codes of FAILURE,
BAD_MECH, and BAD_NAME
GSSCredential
public GSSCredential(int usage)
throws GSSException
Constructor for default credentials.
This will use the default mechanism, default mechanism name,
and an INDEFINITE lifetime.
- RFC 2078
usage
- the intended usage for this credential; this
must be one of the constants defined in this class.
add
public void add(GSSName aName,
int initLifetime,
int acceptLifetime,
Oid mech,
int usage)
throws GSSException
This method enables the construction of credentials one
mechanism at a time. A single mechanism credential will
be added as specified by the mech parameter. This is
equivalent to using the constructor for multiple mechanism
but gives finer control and feedback.
- RFC 2078
aName
- name of the principal for whom this credential
is to be acquired; use null for system specific default
principal
initLifetime
- the desired duration of this credential
initiation lifetime; value in seconds
acceptLifetime
- the desired duration of this credential
accept lifetime; value in seconds
usage
- the intended usage for this credential; this
must be one of the constants defined in this class
GSSException
- with possible major codes of
DUPLICATE_ELEMENT, BAD_MECH, BAD_NAME, BAD_NAME, NO_CRED,
or FAILURE.
dispose
public void dispose()
throws GSSException
Disposes of any sensitive information that the
GSSCredential may contain. It should be called as soon
as the credential is no longer needed, to minimize the time
that sensitive information is held in memory.
- RFC 2078
equals
public boolean equals(Object another)
Tests if this GSSCredential refers to the same entity as the
supplied object. The two GSSCredentials must be acquired over
the same mechanisms.
- true if the two GSSCredentials refer to the same
entity; false otherwise.
getGSSName
public GSSName getGSSName()
throws GSSException
Retrieves the name of the entity that the credential has been
acquired for.
- RFC 2078
- GSSName for the credential's principal
GSSException
- with possible major codes of FAILURE,
NO_CRED, DEFECTIVE_CREDENTIAL, CREDENTIALS_EXPIRED
getGSSName
public GSSName getGSSName(Oid mechOID)
throws GSSException
Queries the selected mechanism for the principal name of the
credential. The mechanism must be one of the mechanisms over
which the credential is acquired.
- RFC 2078
mechOID
- the credential mechanism to be queried
GSSException
- with possible major codes of NO_CRED,
DEFECTIVE_CREDENTIAL, CREDENTIALS_EXPIRED, FAILURE and
BAD_MECH
getMechs
public Oid[] getMechs()
throws GSSException
Returns the mechanism oids over which the credential has been
acquired.
- RFC 2078
- the array of mechanism oids over which this credential
has been acquired
GSSException
- with possible major codes of FAILURE,
NO_CRED, DEFECTIVE_CREDENTIAL, CREDENTIALS_EXPIRED
getRemainingAcceptLifetime
public int getRemainingAcceptLifetime(Oid mech)
throws GSSException
Returns the remaining lifetime in seconds for the credential
to remain capable of accepting security context under the
specified mechanism. Return of 0 indicates that the
credential is already expired.
- RFC 2078
mech
- Oid for the credential mechanism to be queried
- the remaining acceptance lifetime in seconds
GSSException
- with possible major codes of NO_CRED,
DEFECTIVE_CREDENTIAL, FAILURE and BAD_MECH
getRemainingInitLifetime
public int getRemainingInitLifetime(Oid mech)
throws GSSException
Returns the remaining lifetime in seconds for the credential
to remain capable of initiating security context under the
specified mechanism. Return of 0 indicates that the
credential is already expired.
- RFC 2078
mech
- Oid for the credential mechanism to be queried
- the remaining initiation lifetime in seconds
GSSException
- with possible major codes of NO_CRED,
DEFECTIVE_CREDENTIAL, FAILURE and BAD_MECH
getRemainingLifetime
public int getRemainingLifetime()
throws GSSException
Obtains the remaining lifetime for a credential. The remaining
lifetime is the minimum lifetime for any of the credential
elements. Return of 0 indicates the credential is already
expired.
- RFC 2078
GSSException
- with possible major codes of NO_CRED,
DEFECTIVE_CREDENTIAL, FAILURE.
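Added example (not part of the original Javadoc or of Sun's code): a credential lifecycle that combines getUsage, getMechs, getRemainingInitLifetime and dispose as documented on this page. The class name, the MIN_INIT_SECONDS threshold and the wildcard import (which assumes GSSException and Oid live in com.sun.gssapi) are assumptions.

```java
import com.sun.gssapi.*;   // assumption: GSSException and Oid share GSSCredential's package

public class CredentialLifecycle {          // hypothetical class name

    // Hypothetical policy: do not start work with less than 5 minutes of lifetime left.
    static final int MIN_INIT_SECONDS = 300;

    /**
     * Returns the first mechanism over which the credential can still initiate
     * contexts for at least MIN_INIT_SECONDS, or null if there is none.
     */
    static Oid firstUsableMech(GSSCredential cred) throws GSSException {
        int usage = cred.getUsage();
        if (usage != GSSCredential.INITIATE_ONLY
                && usage != GSSCredential.INITIATE_AND_ACCEPT) {
            return null;                     // an ACCEPT_ONLY credential cannot initiate
        }
        Oid[] mechs = cred.getMechs();
        for (int i = 0; i < mechs.length; i++) {
            // 0 means already expired; INDEFINITE is the largest int, so it passes too.
            int left = cred.getRemainingInitLifetime(mechs[i]);
            if (left >= MIN_INIT_SECONDS) {
                return mechs[i];
            }
        }
        return null;
    }

    public static void main(String[] args) throws GSSException {
        // Default mechanism, default name, INDEFINITE requested lifetime.
        GSSCredential cred = new GSSCredential(GSSCredential.INITIATE_ONLY);
        try {
            Oid mech = firstUsableMech(cred);
            if (mech == null) {
                System.err.println("credential expired or not usable for initiation");
                return;
            }
            System.out.println("initiating as " + cred.getGSSName(mech) + " over " + mech);
            // ... context establishment with this credential would happen here ...
        } finally {
            // Release key material on every exit path, including exceptions.
            cred.dispose();
        }
    }
}
```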
getUsage
public int getUsage()
throws GSSException
Retrieve the credential usage flag, which is one of
INITIATE_ONLY, ACCEPT_ONLY, INITIATE_AND_ACCEPT.
- RFC 2078
- credential usage which will be one of
INITIATE_ONLY, ACCEPT_ONLY, or INITIATE_AND_ACCEPT
GSSException
- with possible major codes of NO_CRED,
DEFECTIVE_CREDENTIAL, CREDENTIALS_EXPIRED, FAILURE.
getUsage
public int getUsage(Oid mechOID)
throws GSSException
Retrieve the credential usage flag, which is one of
INITIATE_ONLY, ACCEPT_ONLY, INITIATE_AND_ACCEPT, for a
specific credential mechanism.
- RFC 2078
- credential usage which will be one of
INITIATE_ONLY, ACCEPT_ONLY, or INITIATE_AND_ACCEPT
GSSException
- with possible major codes of NO_CRED,
DEFECTIVE_CREDENTIAL, CREDENTIALS_EXPIRED, FAILURE.
toString
public String toString()
Debugging aid. Returns string with information about
this credential object.