org.ietf.jgss
Class GSSManager

java.lang.Object
  extended by org.ietf.jgss.GSSManager

public abstract class GSSManager
extends java.lang.Object

The GSSManager class is an abstract class that serves as a factory for three GSS interfaces: GSSName, GSSCredential, and GSSContext. It also provides methods for applications to determine what mechanisms are available from the GSS implementation and what name types these mechanisms support.

An instance of the default GSSManager subclass may be obtained through the static method getInstance(), but applications are free to instantiate other subclasses of GSSManager.

Component:
Security-Core

Constructor Summary
GSSManager()
           
 
Method Summary
abstract  void addProviderAtEnd(java.security.Provider p, Oid mech)
          This method is used to indicate to the GSSManager that the application would like a particular provider to be used if no other provider can be found that supports the given mechanism.
abstract  void addProviderAtFront(java.security.Provider p, Oid mech)
          This method is used to indicate to the GSSManager that the application would like a particular provider to be used ahead of all others when support is desired for the given mechanism.
abstract  GSSContext createContext(byte[] interProcessToken)
          Factory method for creating a previously exported context.
abstract  GSSContext createContext(GSSCredential myCred)
          Factory method for creating a context on the acceptor's side.
abstract  GSSContext createContext(GSSName peer, Oid mech, GSSCredential myCred, int lifetime)
          Factory method for creating a context on the initiator's side.
abstract  GSSCredential createCredential(GSSName aName, int lifetime, Oid[] mechs, int usage)
          Factory method for acquiring credentials over a set of mechanisms.
abstract  GSSCredential createCredential(GSSName aName, int lifetime, Oid mech, int usage)
          Factory method for acquiring a single mechanism credential.
abstract  GSSCredential createCredential(int usage)
          Factory method for acquiring default credentials.
abstract  GSSName createName(byte[] name, Oid nameType)
          Factory method to convert a contiguous byte array containing a name from the specified namespace to a GSSName object.
abstract  GSSName createName(byte[] name, Oid nameType, Oid mech)
          Factory method to convert a contiguous byte array containing a name from the specified namespace to a GSSName object that is an MN.
abstract  GSSName createName(java.lang.String nameStr, Oid nameType)
          Factory method to convert a contiguous string name from the specified namespace to a GSSName object.
abstract  GSSName createName(java.lang.String nameStr, Oid nameType, Oid mech)
          Factory method to convert a contiguous string name from the specified namespace to a GSSName object that is a mechanism name (MN).
static GSSManager getInstance()
          Returns the default GSSManager implementation
abstract  Oid[] getMechs()
          Returns an array of Oid objects indicating mechanisms available to GSS-API callers.
abstract  Oid[] getMechsForName(Oid nameType)
          Returns an array of Oid objects corresponding to the mechanisms that support the specific name type.
abstract  Oid[] getNamesForMech(Oid mech)
          Returns name type Oid's supported by the specified mechanism
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

GSSManager

public GSSManager()
Method Detail

getInstance

public static GSSManager getInstance()
                              throws java.security.NoSuchProviderException
Returns the default GSSManager implementation

Returns:
default GSSManager implementation
Throws:
java.security.NoSuchProviderException

getMechs

public abstract Oid[] getMechs()
Returns an array of Oid objects indicating mechanisms available to GSS-API callers. A "null" value is returned when no mechanisms are available.

Returns:
array of Oid objects

getNamesForMech

public abstract Oid[] getNamesForMech(Oid mech)
                               throws GSSException
Returns name type Oid's supported by the specified mechanism

Parameters:
mech - The Oid object for the mechanism to query
Returns:
name type Oid's
Throws:
GSSException

getMechsForName

public abstract Oid[] getMechsForName(Oid nameType)
Returns an array of Oid objects corresponding to the mechanisms that support the specific name type. "null" is returned when no mechanisms are found to support the specified name type.

Parameters:
nameType - The Oid object for the name type.
Returns:
array of Oid objects

createName

public abstract GSSName createName(java.lang.String nameStr,
                                   Oid nameType)
                            throws GSSException
Factory method to convert a contiguous string name from the specified namespace to a GSSName object. In general, the GSSName object created will not be an MN; two examples that are exceptions to this are when the namespace type parameter indicates NT_EXPORT_NAME or when the GSS-API implementation is not multi-mechanism.

Parameters:
nameStr - The string representing a printable form of the name to create.
nameType - The Oid specifying the namespace of the printable name supplied. Note that nameType serves to describe and qualify the interpretation of the input nameStr, it does not necessarily imply a type for the output GSSName implementation. "null" value can be used to specify that a mechanism specific default printable syntax should be assumed by each mechanism that examines nameStr.
Returns:
constructed GSSName object
Throws:
GSSException

createName

public abstract GSSName createName(byte[] name,
                                   Oid nameType)
                            throws GSSException
Factory method to convert a contiguous byte array containing a name from the specified namespace to a GSSName object. In general, the GSSName object created will not be an MN; two examples that are exceptions to this are when the namespace type parameter indicates NT_EXPORT_NAME or when the GSS-API implementation is not multi-mechanism.

Parameters:
name - The byte array containing the name to create.
nameType - The Oid specifying the namespace of the name supplied in the byte array. Note that nameType serves to describe and qualify the interpretation of the input name byte array, it does not necessarily imply a type for the output GSSName implementation. "null" value can be used to specify that a mechanism specific default syntax should be assumed by each mechanism that examines the byte array.
Returns:
constructed GSSName object
Throws:
GSSException

createName

public abstract GSSName createName(java.lang.String nameStr,
                                   Oid nameType,
                                   Oid mech)
                            throws GSSException
Factory method to convert a contiguous string name from the specified namespace to a GSSName object that is a mechanism name (MN). In other words, this method is a utility that does the equivalent of two steps: the createName described in 6.1.7 and then also the GSSName.canonicalize() described in 6.2.5.

Parameters:
nameStr - The string representing a printable form of the name to create.
nameType - The Oid specifying the namespace of the printable name supplied. Note that nameType serves to describe and qualify the interpretation of the input nameStr, it does not necessarily imply a type for the output GSSName implementation. "null" value can be used to specify that a mechanism specific default printable syntax should be assumed when the mechanism examines nameStr.
mech - Oid specifying the mechanism for which this name should be created.
Returns:
constructed GSSName object
Throws:
GSSException

createName

public abstract GSSName createName(byte[] name,
                                   Oid nameType,
                                   Oid mech)
                            throws GSSException
Factory method to convert a contiguous byte array containing a name from the specified namespace to a GSSName object that is an MN. In other words, this method is a utility that does the equivalent of two steps: the createName described in 6.1.8 and then also the GSSName.canonicalize() described in 6.2.5.

Parameters:
name - The byte array representing the name to create.
nameType - The Oid specifying the namespace of the name supplied in the byte array. Note that nameType serves to describe and qualify the interpretation of the input name byte array, it does not necessarily imply a type for the output GSSName implementation. "null" value can be used to specify that a mechanism specific default syntax should be assumed by each mechanism that examines the byte array.
mech - Oid specifying the mechanism for which this name should be created.
Returns:
constructed GSSName object
Throws:
GSSException

createCredential

public abstract GSSCredential createCredential(int usage)
                                        throws GSSException
Factory method for acquiring default credentials. This will cause the GSS-API to use system specific defaults for the set of mechanisms, name, and a DEFAULT lifetime.

Parameters:
usage - The intended usage for this credential object. The value of this parameter must be one of: GSSCredential.ACCEPT_AND_INITIATE, GSSCredential.ACCEPT_ONLY, GSSCredential.INITIATE_ONLY
Returns:
default credentials
Throws:
GSSException

createCredential

public abstract GSSCredential createCredential(GSSName aName,
                                               int lifetime,
                                               Oid mech,
                                               int usage)
                                        throws GSSException
Factory method for acquiring a single mechanism credential.

Parameters:
aName - Name of the principal for whom this credential is to be acquired. Use "null" to specify the default principal.
lifetime - The number of seconds that credentials should remain valid. Use GSSCredential.INDEFINITE_LIFETIME to request that the credentials have the maximum permitted lifetime. Use GSSCredential.DEFAULT_LIFETIME to request default credential lifetime.
mech - The oid of the desired mechanism. Use "(Oid) null" to request the default mechanism(s).
usage - The intended usage for this credential object. The value of this parameter must be one of: GSSCredential.ACCEPT_AND_INITIATE, GSSCredential.ACCEPT_ONLY, GSSCredential.INITIATE_ONLY
Returns:
constructed GSSCredential object
Throws:
GSSException

createCredential

public abstract GSSCredential createCredential(GSSName aName,
                                               int lifetime,
                                               Oid[] mechs,
                                               int usage)
                                        throws GSSException
Factory method for acquiring credentials over a set of mechanisms. Acquires credentials for each of the mechanisms specified in the array called mechs. To determine the list of mechanisms for which the acquisition of credentials succeeded, the caller should use the GSSCredential.getMechs() method.

Parameters:
aName - Name of the principal for whom this credential is to be acquired. Use "null" to specify the default principal.
lifetime - The number of seconds that credentials should remain valid. Use GSSCredential.INDEFINITE_LIFETIME to request that the credentials have the maximum permitted lifetime. Use GSSCredential.DEFAULT_LIFETIME to request default credential lifetime.
mechs - The array of mechanisms over which the credential is to be acquired. Use "(Oid[]) null" for requesting a system specific default set of mechanisms.
usage - The intended usage for this credential object. The value of this parameter must be one of: GSSCredential.ACCEPT_AND_INITIATE, GSSCredential.ACCEPT_ONLY, GSSCredential.INITIATE_ONLY
Returns:
constructed GSSCredential object
Throws:
GSSException

createContext

public abstract GSSContext createContext(GSSName peer,
                                         Oid mech,
                                         GSSCredential myCred,
                                         int lifetime)
                                  throws GSSException
Factory method for creating a context on the initiator's side. Context flags may be modified through the mutator methods prior to calling GSSContext.initSecContext().

Parameters:
peer - Name of the target peer.
mech - Oid of the desired mechanism. Use "(Oid) null" to request default mechanism.
myCred - Credentials of the initiator. Use "null" to act as a default initiator principal.
lifetime - The request lifetime, in seconds, for the context. Use GSSContext.INDEFINITE_LIFETIME and GSSContext.DEFAULT_LIFETIME to request indefinite or default context lifetime.
Returns:
constructed GSSContext object
Throws:
GSSException
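
The following is an added example, not code from this documentation or its implementation. It ties the discovery methods to the initiator factory: it treats the documented "null" return of getMechs() and getMechsForName() as "not offered", then sets the context flags before initSecContext(). The class name, the service name host@server.example.com and the choice of the Kerberos V5 OID are assumptions; main declares throws Exception to cover the NoSuchProviderException declared by getInstance() above.

```java
import java.util.Arrays;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.GSSName;
import org.ietf.jgss.Oid;

public class InitiatorContextExample {
    // Kerberos V5 mechanism OID (assumed to be the mechanism the application wants).
    static final String KRB5_OID = "1.2.840.113554.1.2.2";

    // getMechs()/getMechsForName() may return null, so null means "not offered".
    static boolean contains(Oid[] oids, Oid wanted) {
        return oids != null && Arrays.asList(oids).contains(wanted);
    }

    static GSSContext newInitiator(GSSManager mgr, String service) throws Exception {
        Oid krb5 = new Oid(KRB5_OID);
        // Fail closed if the mechanism is missing or cannot interpret the name type.
        if (!contains(mgr.getMechs(), krb5)
                || !contains(mgr.getMechsForName(GSSName.NT_HOSTBASED_SERVICE), krb5)) {
            throw new IllegalStateException("Kerberos V5 not available for host-based names");
        }
        GSSName peer = mgr.createName(service, GSSName.NT_HOSTBASED_SERVICE);
        // A null credential means "act as the default initiator principal".
        GSSContext ctx = mgr.createContext(peer, krb5, null, GSSContext.DEFAULT_LIFETIME);
        // Flags must be set before the first initSecContext() call.
        ctx.requestMutualAuth(true);
        ctx.requestConf(true);
        ctx.requestInteg(true);
        ctx.requestReplayDet(true);
        ctx.requestCredDeleg(false);
        return ctx;
    }

    // Requests are not guarantees: call this once the token exchange has finished.
    static void requireNegotiated(GSSContext ctx) {
        if (!ctx.isEstablished() || !ctx.getMutualAuthState()
                || !ctx.getConfState() || !ctx.getIntegState() || !ctx.getReplayDetState()) {
            throw new SecurityException("context lacks a required protection");
        }
    }

    public static void main(String[] args) throws Exception {
        GSSManager mgr = GSSManager.getInstance();
        GSSContext ctx = newInitiator(mgr, "host@server.example.com"); // constructed sample name
        System.out.println("context created, established=" + ctx.isEstablished());
        ctx.dispose();
    }
}
```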

createContext

public abstract GSSContext createContext(GSSCredential myCred)
                                  throws GSSException
Factory method for creating a context on the acceptor's side. The context's properties will be determined from the input token supplied to the accept method.

Parameters:
myCred - Credentials for the acceptor. Use "null" to act as a default acceptor principal.
Returns:
constructed GSSContext object
Throws:
GSSException

createContext

public abstract GSSContext createContext(byte[] interProcessToken)
                                  throws GSSException
Factory method for creating a previously exported context. The context properties will be determined from the input token and can't be modified through the set methods.

Parameters:
interProcessToken - The token previously emitted from the export method.
Returns:
constructed GSSContext object
Throws:
GSSException

addProviderAtFront

public abstract void addProviderAtFront(java.security.Provider p,
                                        Oid mech)
                                 throws GSSException
This method is used to indicate to the GSSManager that the application would like a particular provider to be used ahead of all others when support is desired for the given mechanism. When a value of null is used instead of an Oid for the mechanism, the GSSManager must use the indicated provider ahead of all others no matter what the mechanism is. Only when the indicated provider does not support the needed mechanism should the GSSManager move on to a different provider.

Calling this method repeatedly preserves the older settings but lowers them in preference thus forming an ordered list of provider and Oid pairs that grows at the top.

Calling addProviderAtFront with a null Oid will remove all previous preferences that were set for this provider in the GSSManager instance. Calling addProviderAtFront with a non-null Oid will remove any previous preference that was set using this mechanism and this provider together.

If the GSSManager implementation does not support an SPI with a pluggable provider architecture it should throw a GSSException with the status code GSSException.UNAVAILABLE to indicate that the operation is unavailable.

Parameters:
p - The provider instance that should be used whenever support is needed for mech.
mech - The mechanism for which the provider is being set
Throws:
GSSException

addProviderAtEnd

public abstract void addProviderAtEnd(java.security.Provider p,
                                      Oid mech)
                               throws GSSException
This method is used to indicate to the GSSManager that the application would like a particular provider to be used if no other provider can be found that supports the given mechanism. When a value of null is used instead of an Oid for the mechanism, the GSSManager must use the indicated provider for any mechanism.

Calling this method repeatedly preserves the older settings but raises them above newer ones in preference thus forming an ordered list of providers and Oid pairs that grows at the bottom. Thus the older provider settings will be utilized first before this one is.

If there are any previously existing preferences that conflict with the preference being set here, then the GSSManager should ignore this request.

If the GSSManager implementation does not support an SPI with a pluggable provider architecture it should throw a GSSException with the status code GSSException.UNAVAILABLE to indicate that the operation is unavailable.

Parameters:
p - The provider instance that should be used whenever support is needed for mech.
mech - The mechanism for which the provider is being set
Throws:
GSSException
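
The ordering rules of addProviderAtFront and addProviderAtEnd, modelled as an added example that is not part of this documentation or of any GSSManager implementation. Providers and mechanisms are plain strings, the provider names are constructed, and the reading of a "conflicting" preference (an existing entry for the same provider that already covers the mechanism) is an assumption.

```java
import java.util.ArrayList;
import java.util.List;

public class ProviderPreferenceModel {
    // One preference: provider name plus mechanism OID string (null = any mechanism).
    static final class Pref {
        final String provider, mech;
        Pref(String provider, String mech) { this.provider = provider; this.mech = mech; }
        // True if this entry already covers the pair (p, m).
        boolean covers(String p, String m) {
            return provider.equals(p) && (mech == null || mech.equals(m));
        }
        @Override public String toString() { return provider + ":" + (mech == null ? "*" : mech); }
    }

    final List<Pref> prefs = new ArrayList<>();

    void addAtFront(String p, String mech) {
        // A null mech drops every earlier entry for p; otherwise only the same (p, mech) pair.
        prefs.removeIf(e -> e.provider.equals(p) && (mech == null || mech.equals(e.mech)));
        prefs.add(0, new Pref(p, mech));   // the list grows at the top
    }

    void addAtEnd(String p, String mech) {
        // Assumed reading of "conflict": an existing entry already covers the pair.
        for (Pref e : prefs) if (e.covers(p, mech)) return;
        prefs.add(new Pref(p, mech));      // the list grows at the bottom
    }

    // Providers to try for mech, most preferred first.
    List<String> order(String mech) {
        List<String> out = new ArrayList<>();
        for (Pref e : prefs)
            if ((e.mech == null || e.mech.equals(mech)) && !out.contains(e.provider)) out.add(e.provider);
        return out;
    }

    public static void main(String[] args) {
        ProviderPreferenceModel m = new ProviderPreferenceModel();
        String krb5 = "1.2.840.113554.1.2.2";
        m.addAtFront("ProvA", krb5);
        m.addAtFront("ProvB", null);   // ProvB is now preferred for every mechanism
        m.addAtEnd("ProvC", krb5);     // fallback only
        m.addAtEnd("ProvB", krb5);     // ignored: ProvB:* already covers it
        System.out.println(m.prefs + " -> " + m.order(krb5));
    }
}
```

Because the first matching provider handles the mechanism, the code path that calls addProviderAtFront decides which implementation processes security tokens, so it is worth restricting and reviewing like any other trust configuration.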