com.ibm.security.jgss.mech.krb5
Class Krb5MechFactory
- java.lang.Object
com.ibm.security.jgss.mech.krb5.Krb5MechFactory
- public final class Krb5MechFactory
- extends java.lang.Object
- implements MechanismFactory
Constructor Summary
| Constructor and Description |
|---|
| Krb5MechFactory(int caller) |
Method Summary
| Modifier and Type | Method and Description |
|---|---|
| GSSCredentialSpi | getCredentialElement(GSSNameSpi name, int initLifeTime, int acceptLifeTime, int usage) |
| GSSContextSpi | getMechanismContext(byte[] exportedContext) |
| GSSContextSpi | getMechanismContext(GSSCredentialSpi myAcceptorCred) |
| GSSContextSpi | getMechanismContext(GSSCredentialSpi myAcceptorCred, GSSContext myContext) |
| GSSContextSpi | getMechanismContext(GSSNameSpi peer, GSSCredentialSpi myInitiatorCred, int lifetime) |
| Oid | getMechanismOid() |
| GSSNameSpi | getNameElement(byte[] nameStr, Oid nameType) |
| GSSNameSpi | getNameElement(java.lang.String nameStr, Oid nameType) |
| Oid[] | getNameTypes() |
| java.security.Provider | getProvider() |
| Methods inherited from class java.lang.Object |
|---|
| clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Constructor Detail
Krb5MechFactory
- public Krb5MechFactory(int caller)
Method Detail
getMechanismOid
- public Oid getMechanismOid()
getMechanismOid in interface MechanismFactory
getProvider
- public java.security.Provider getProvider()
MechanismFactory
getProvider in interface MechanismFactory
getNameTypes
- public Oid[] getNameTypes()
MechanismFactory
getNameTypes in interface MechanismFactory
getCredentialElement
- public GSSCredentialSpi getCredentialElement( GSSNameSpi name,
- int initLifeTime,
- int acceptLifeTime,
- int usage)
- throws GSSException
MechanismFactory
Not all mechanisms support the concept of one credential element that can be used for both initiating and accepting a context. In the event that an application requests usage INITIATE_AND_ACCEPT for a credential from such a mechanism, the GSS framework will need to obtain two different credential elements from the mechanism, one that will have usage INITIATE_ONLY and another that will have usage ACCEPT_ONLY. The mechanism will help the GSS-API realize this by returning a credential element with usage INITIATE_ONLY or ACCEPT_ONLY prompting it to make another call to getCredentialElement, this time with the other usage mode. The mechanism indicates the missing mode by returning a 0 lifetime for it.
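The two-call fallback described above, as an added example that is not IBM's or the JGSS framework's code: `Element` and the stub `getCredentialElement` are hypothetical stand-ins for the real SPI types, and the lifetimes are constructed values.

```java
import java.util.ArrayList;
import java.util.List;

public class SplitUsageDemo {
    // Same values as the usage constants in org.ietf.jgss.GSSCredential.
    static final int INITIATE_AND_ACCEPT = 0, INITIATE_ONLY = 1, ACCEPT_ONLY = 2;

    // Hypothetical stand-in for a credential element (not GSSCredentialSpi).
    record Element(int usage, int initLifetime, int acceptLifetime) {}

    // Hypothetical mechanism that cannot serve both usages with one element.
    static Element getCredentialElement(int initLifeTime, int acceptLifeTime, int usage) {
        if (usage == ACCEPT_ONLY) {
            return new Element(ACCEPT_ONLY, 0, acceptLifeTime);
        }
        // INITIATE_ONLY, or INITIATE_AND_ACCEPT answered with the initiator half:
        // the 0 accept lifetime marks the mode that is still missing.
        return new Element(INITIATE_ONLY, initLifeTime, 0);
    }

    // Framework side: ask once, then ask again for the mode that came back with 0 lifetime.
    static List<Element> acquire(int initLifeTime, int acceptLifeTime, int usage) {
        List<Element> elements = new ArrayList<>();
        Element first = getCredentialElement(initLifeTime, acceptLifeTime, usage);
        elements.add(first);
        if (usage == INITIATE_AND_ACCEPT) {
            if (first.acceptLifetime() == 0) {
                elements.add(getCredentialElement(initLifeTime, acceptLifeTime, ACCEPT_ONLY));
            } else if (first.initLifetime() == 0) {
                elements.add(getCredentialElement(initLifeTime, acceptLifeTime, INITIATE_ONLY));
            }
        }
        return elements;
    }

    public static void main(String[] args) {
        // Constructed request: 3600 s as initiator, 7200 s as acceptor.
        for (Element e : acquire(3600, 7200, INITIATE_AND_ACCEPT)) {
            System.out.println(e);
        }
    }
}
```

A caller that only inspects the first element would see an initiator-only credential, which is why the second call keyed on the 0 lifetime matters for services that must also accept contexts.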
getCredentialElement in interface MechanismFactory
name - the mechanism level name element for the entity whose credential is desired. A null value indicates that a mechanism dependent default choice is to be made.
initLifeTime - indicates the lifetime (in seconds) that is requested for this credential to be used at the context initiator's end. This value should be ignored if the usage is ACCEPT_ONLY. Predefined constants are available in the org.ietf.jgss.GSSCredential interface.
acceptLifeTime - indicates the lifetime (in seconds) that is requested for this credential to be used at the context acceptor's end. This value should be ignored if the usage is INITIATE_ONLY. Predefined constants are available in the org.ietf.jgss.GSSCredential interface.
usage - One of the values GSSCredential.INITIATE_ONLY, GSSCredential.ACCEPT_ONLY, and GSSCredential.INITIATE_AND_ACCEPT.
GSSException - if one of the error situations described in RFC 2743 with the GSS_Acquire_Cred or GSS_Add_Cred calls occurs.
getNameElement
- public GSSNameSpi getNameElement( java.lang.String nameStr,
- Oid nameType)
- throws GSSException
MechanismFactory
getNameElement in interface MechanismFactory
nameStr - a string containing the characters describing this entity to the mechanism
nameType - an Oid serving as a clue as to how the mechanism should interpret the nameStr
GSSException - if any of the errors described in RFC 2743 for the GSS_Import_Name or GSS_Canonicalize_Name calls occur.
getNameElement
- public GSSNameSpi getNameElement( byte[] nameStr,
- Oid nameType)
- throws GSSException
MechanismFactory
An exported name will generally be passed in using this method.
getNameElement in interface MechanismFactory
nameType - an Oid serving as a clue as to how the mechanism should interpret the nameStr
GSSException - if any of the errors described in RFC 2743 for the GSS_Import_Name or GSS_Canonicalize_Name calls occur.
getMechanismContext
- public GSSContextSpi getMechanismContext( GSSNameSpi peer,
- GSSCredentialSpi myInitiatorCred,
- int lifetime)
- throws GSSException
MechanismFactory
getMechanismContext in interface MechanismFactory
peer - the name element from this mechanism that represents the peer
myInitiatorCred - a credential element for the context initiator obtained previously from this mechanism. The identity of the context initiator can be obtained from this credential. Passing a value of null here indicates that a default entity of the mechanism's choice should be assumed to be the context initiator and that default credentials should be applied.
lifetime - the requested lifetime (in seconds) for the security context. Predefined constants are available in the org.ietf.jgss.GSSContext interface.
GSSException - if any of the errors described in RFC 2743 in the GSS_Init_Sec_Context call occur.
getMechanismContext
- public GSSContextSpi getMechanismContext( GSSCredentialSpi myAcceptorCred)
- throws GSSException
MechanismFactory
getMechanismContext in interface MechanismFactory
myAcceptorCred - a credential element for the context acceptor obtained previously from this mechanism. The identity of the context acceptor can be obtained from this credential. Passing a value of null here indicates that the default entity of the mechanism's choice should be assumed to be the context acceptor and default credentials should be applied.
GSSException - if any of the errors described in RFC 2743 in the GSS_Accept_Sec_Context call occur.
getMechanismContext
- public GSSContextSpi getMechanismContext( GSSCredentialSpi myAcceptorCred,
- GSSContext myContext)
- throws GSSException
MechanismFactory
getMechanismContext in interface MechanismFactory
myAcceptorCred - a credential element for the context acceptor obtained previously from this mechanism. The identity of the context acceptor can be obtained from this credential. Passing a value of null here indicates that the default entity of the mechanism's choice should be assumed to be the context acceptor and default credentials should be applied.
myContext - the GSSContext object to relate to this provider-specific, mechanism-specific context object
GSSException - if any of the errors described in RFC 2743 in the GSS_Accept_Sec_Context call occur.
getMechanismContext
- public GSSContextSpi getMechanismContext( byte[] exportedContext)
- throws GSSException
MechanismFactory
getMechanismContext in interface MechanismFactory
exportedContext - the bytes representing this security context
GSSException - if any of the errors described in RFC 2743 in the GSS_Import_Sec_Context call occur.
MechanismFactory