Path: blob/master/src/java.security.jgss/share/classes/sun/security/jgss/spi/GSSContextSpi.java
41161 views
/*1* Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.2* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.3*4* This code is free software; you can redistribute it and/or modify it5* under the terms of the GNU General Public License version 2 only, as6* published by the Free Software Foundation. Oracle designates this7* particular file as subject to the "Classpath" exception as provided8* by Oracle in the LICENSE file that accompanied this code.9*10* This code is distributed in the hope that it will be useful, but WITHOUT11* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or12* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License13* version 2 for more details (a copy is included in the LICENSE file that14* accompanied this code).15*16* You should have received a copy of the GNU General Public License version17* 2 along with this work; if not, write to the Free Software Foundation,18* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.19*20* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA21* or visit www.oracle.com if you need additional information or have any22* questions.23*/2425/*26*27* (C) Copyright IBM Corp. 1999 All Rights Reserved.28* Copyright 1997 The Open Group Research Institute. All rights reserved.29*/30package sun.security.jgss.spi;3132import org.ietf.jgss.*;33import java.io.InputStream;34import java.io.OutputStream;35import java.security.Provider;3637/**38* This interface is implemented by a mechanism specific instance of a GSS39* security context.40* A GSSContextSpi object can be thought of having 3 states:41* -before initialization42* -during initialization with its peer43* -after it is established44* <p>45* The context options can only be requested in state 1. In state 3,46* the per message operations are available to the callers. The get47* methods for the context options will return the requested options48* while in state 1 and 2, and the established values in state 3.49* Some mechanisms may allow the access to the per-message operations50* and the context flags before the context is fully established. The51* isProtReady method is used to indicate that these services are52* available.53* <p>54* <strong>55* Context establishment tokens are defined in a mechanism independent56* format in section 3.1 of RFC 2743. The GSS-Framework will add57* and remove the mechanism independent header portion of this token format58* depending on whether a token is received or is being sent. The mechanism59* should only generate or expect to read the inner-context token portion.60* <br>61* On the other hands, tokens used for per-message calls are generated62* entirely by the mechanism. It is possible that the mechanism chooses to63* encase inner-level per-message tokens in a header similar to that used64* for initial tokens, however, this is upto the mechanism to do. The token65* to/from the per-message calls are opaque to the GSS-Framework.66* </strong>67* <p>68* An attempt has been made to allow for reading the peer's tokens from an69* InputStream and writing tokens for the peer to an OutputStream. This70* allows applications to pass in streams that are obtained from their network71* connections and thus minimize the buffer copies that will happen. This72* is especially important for tokens generated by wrap() which are73* proportional in size to the length of the application data being74* wrapped, and are probably also the most frequently used type of tokens.75* <p>76* It is anticipated that most applications will want to use wrap() in a77* fashion where they obtain the application bytes to wrap from a byte[]78* but want to output the wrap token straight to an79* OutputStream. Similarly, they will want to use unwrap() where they read80* the token directly form an InputStream but output it to some byte[] for81* the application to process. Unfortunately the high level GSS bindings82* do not contain overloaded forms of wrap() and unwrap() that do just83* this, however we have accomodated those cases here with the expectation84* that this will be rolled into the high level bindings sooner or later.85*86* @author Mayank Upadhyay87*/8889public interface GSSContextSpi {9091public Provider getProvider();9293// The specification for the following methods mirrors the94// specification of the same methods in the GSSContext interface, as95// defined in RFC 2853.9697public void requestLifetime(int lifetime) throws GSSException;9899public void requestMutualAuth(boolean state) throws GSSException;100101public void requestReplayDet(boolean state) throws GSSException;102103public void requestSequenceDet(boolean state) throws GSSException;104105public void requestCredDeleg(boolean state) throws GSSException;106107public void requestAnonymity(boolean state) throws GSSException;108109public void requestConf(boolean state) throws GSSException;110111public void requestInteg(boolean state) throws GSSException;112113public void requestDelegPolicy(boolean state) throws GSSException;114115public void setChannelBinding(ChannelBinding cb) throws GSSException;116117public boolean getCredDelegState();118119public boolean getMutualAuthState();120121public boolean getReplayDetState();122123public boolean getSequenceDetState();124125public boolean getAnonymityState();126127public boolean getDelegPolicyState();128129public boolean isTransferable() throws GSSException;130131public boolean isProtReady();132133public boolean isInitiator();134135public boolean getConfState();136137public boolean getIntegState();138139public int getLifetime();140141public boolean isEstablished();142143public GSSNameSpi getSrcName() throws GSSException;144145public GSSNameSpi getTargName() throws GSSException;146147public Oid getMech() throws GSSException;148149public GSSCredentialSpi getDelegCred() throws GSSException;150151/**152* Initiator context establishment call. This method may be153* required to be called several times. A CONTINUE_NEEDED return154* call indicates that more calls are needed after the next token155* is received from the peer.156* <p>157* This method is called by the GSS-Framework when the application158* calls the initSecContext method on the GSSContext implementation159* that it has a reference to.160* <p>161* All overloaded forms of GSSContext.initSecContext() can be handled162* with this mechanism level initSecContext. Since the output token163* from this method is a fixed size, not exeedingly large, and a one164* time deal, an overloaded form that takes an OutputStream has not165* been defined. The GSS-Framwork can write the returned byte[] to any166* application provided OutputStream. Similarly, any application input167* int he form of byte arrays will be wrapped in an input stream by the168* GSS-Framework and then passed here.169* <p>170* <strong>171* The GSS-Framework will strip off the leading mechanism independent172* GSS-API header. In other words, only the mechanism specific173* inner-context token of RFC 2743 section 3.1 will be available on the174* InputStream.175* </strong>176*177* @param is contains the inner context token portion of the GSS token178* received from the peer. On the first call to initSecContext, there179* will be no token hence it will be ignored.180* @param mechTokenSize the size of the inner context token as read by181* the GSS-Framework from the mechanism independent GSS-API level182* header.183* @return any inner-context token required to be sent to the peer as184* part of a GSS token. The mechanism should not add the mechanism185* independent part of the token. The GSS-Framework will add that on186* the way out.187* @exception GSSException may be thrown188*/189public byte[] initSecContext(InputStream is, int mechTokenSize)190throws GSSException;191192/**193* Acceptor's context establishment call. This method may be194* required to be called several times. A CONTINUE_NEEDED return195* call indicates that more calls are needed after the next token196* is received from the peer.197* <p>198* This method is called by the GSS-Framework when the application199* calls the acceptSecContext method on the GSSContext implementation200* that it has a reference to.201* <p>202* All overloaded forms of GSSContext.acceptSecContext() can be handled203* with this mechanism level acceptSecContext. Since the output token204* from this method is a fixed size, not exeedingly large, and a one205* time deal, an overloaded form that takes an OutputStream has not206* been defined. The GSS-Framwork can write the returned byte[] to any207* application provided OutputStream. Similarly, any application input208* int he form of byte arrays will be wrapped in an input stream by the209* GSS-Framework and then passed here.210* <p>211* <strong>212* The GSS-Framework will strip off the leading mechanism independent213* GSS-API header. In other words, only the mechanism specific214* inner-context token of RFC 2743 section 3.1 will be available on the215* InputStream.216* </strong>217*218* @param is contains the inner context token portion of the GSS token219* received from the peer.220* @param mechTokenSize the size of the inner context token as read by221* the GSS-Framework from the mechanism independent GSS-API level222* header.223* @return any inner-context token required to be sent to the peer as224* part of a GSS token. The mechanism should not add the mechanism225* independent part of the token. The GSS-Framework will add that on226* the way out.227* @exception GSSException may be thrown228*/229public byte[] acceptSecContext(InputStream is, int mechTokenSize)230throws GSSException;231232/**233* Queries the context for largest data size to accommodate234* the specified protection and for the token to remain less then235* maxTokSize.236*237* @param qop the quality of protection that the context will be238* asked to provide.239* @param confReq a flag indicating whether confidentiality will be240* requested or not241* @param maxTokSize the maximum size of the output token242* @return the maximum size for the input message that can be243* provided to the wrap() method in order to guarantee that these244* requirements are met.245* @exception GSSException may be thrown246*/247public int getWrapSizeLimit(int qop, boolean confReq, int maxTokSize)248throws GSSException;249250/**251* Provides per-message token encapsulation.252*253* @param is the user-provided message to be protected254* @param os the token to be sent to the peer. It includes255* the message from <i>is</i> with the requested protection.256* @param msgProp on input it contains the requested qop and257* confidentiality state, on output, the applied values258* @exception GSSException may be thrown259* @see unwrap260*/261public void wrap(InputStream is, OutputStream os, MessageProp msgProp)262throws GSSException;263264/**265* For apps that want simplicity and don't care about buffer copies.266*/267public byte[] wrap(byte[] inBuf, int offset, int len,268MessageProp msgProp) throws GSSException;269270/**271* For apps that care about buffer copies but either cannot use streams272* or want to avoid them for whatever reason. (Say, they are using273* block ciphers.)274*275* NOTE: This method is not defined in public class org.ietf.jgss.GSSContext276*277public int wrap(byte[] inBuf, int inOffset, int len,278byte[] outBuf, int outOffset,279MessageProp msgProp) throws GSSException;280281*/282283/**284* For apps that want to read from a specific application provided285* buffer but want to write directly to the network stream.286*/287/*288* Can be achieved by converting the input buffer to a289* ByteInputStream. Provided to keep the API consistent290* with unwrap.291*292* NOTE: This method is not defined in public class org.ietf.jgss.GSSContext293*294public void wrap(byte[] inBuf, int offset, int len,295OutputStream os, MessageProp msgProp)296throws GSSException;297*/298299/**300* Retrieves the message token previously encapsulated in the wrap301* call.302*303* @param is the token from the peer304* @param os unprotected message data305* @param msgProp will contain the applied qop and confidentiality306* of the input token and any informatory status values307* @exception GSSException may be thrown308* @see wrap309*/310public void unwrap(InputStream is, OutputStream os,311MessageProp msgProp) throws GSSException;312313/**314* For apps that want simplicity and don't care about buffer copies.315*/316public byte[] unwrap(byte[] inBuf, int offset, int len,317MessageProp msgProp) throws GSSException;318319/**320* For apps that care about buffer copies but either cannot use streams321* or want to avoid them for whatever reason. (Say, they are using322* block ciphers.)323*324* NOTE: This method is not defined in public class org.ietf.jgss.GSSContext325*326public int unwrap(byte[] inBuf, int inOffset, int len,327byte[] outBuf, int outOffset,328MessageProp msgProp) throws GSSException;329330*/331332/**333* For apps that care about buffer copies and want to read334* straight from the network, but also want the output in a specific335* application provided buffer, say to reduce buffer allocation or336* subsequent copy.337*338* NOTE: This method is not defined in public class org.ietf.jgss.GSSContext339*340public int unwrap(InputStream is,341byte[] outBuf, int outOffset,342MessageProp msgProp) throws GSSException;343*/344345/**346* Applies per-message integrity services.347*348* @param is the user-provided message349* @param os the token to be sent to the peer along with the350* message token. The message token <b>is not</b> encapsulated.351* @param msgProp on input the desired QOP and output the applied QOP352* @exception GSSException353*/354public void getMIC(InputStream is, OutputStream os,355MessageProp msgProp)356throws GSSException;357358public byte[] getMIC(byte[] inMsg, int offset, int len,359MessageProp msgProp) throws GSSException;360361/**362* Checks the integrity of the supplied tokens.363* This token was previously generated by getMIC.364*365* @param is token generated by getMIC366* @param msgStr the message to check integrity for367* @param mProp will contain the applied QOP and confidentiality368* states of the token as well as any informatory status codes369* @exception GSSException may be thrown370*/371public void verifyMIC(InputStream is, InputStream msgStr,372MessageProp mProp) throws GSSException;373374public void verifyMIC(byte[] inTok, int tokOffset, int tokLen,375byte[] inMsg, int msgOffset, int msgLen,376MessageProp msgProp) throws GSSException;377378/**379* Produces a token representing this context. After this call380* the context will no longer be usable until an import is381* performed on the returned token.382*383* @return exported context token384* @exception GSSException may be thrown385*/386public byte[] export() throws GSSException;387388/**389* Releases context resources and terminates the390* context between 2 peer.391*392* @exception GSSException may be thrown393*/394public void dispose() throws GSSException;395396/**397* Return the mechanism-specific attribute associated with {@code type}.398*399* @param type the type of the attribute requested400* @return the attribute401* @throws GSSException see {@link ExtendedGSSContext#inquireSecContext}402* for details403*/404public Object inquireSecContext(String type)405throws GSSException;406}407408409