org.globus.mds.gsi.jndi
Class GSIMech

java.lang.Object
  extended by org.globus.mds.gsi.common.GSIMechanism
      extended by org.globus.mds.gsi.jndi.GSIMech
All Implemented Interfaces:
com.sun.security.sasl.preview.SaslClient

public class GSIMech
extends GSIMechanism
implements com.sun.security.sasl.preview.SaslClient

Implements the SASL client mechanism for GSI.


Field Summary
 
Fields inherited from class org.globus.mds.gsi.common.GSIMechanism
allQop, completed, context, HIGH_STRENGTH, integrity, INTEGRITY_ONLY_PROTECTION, LOW_STRENGTH, MAX_BUFFER, MAX_SEND_BUF, MEDIUM_STRENGTH, NAME, NAME2, NO_PROTECTION, privacy, PRIVACY_PROTECTION, PROXY, qop, QOP, recvMaxBufSize, SECURITY_CREDENTIALS, sendMaxBufSize, strength, STRENGTH
 
Constructor Summary
GSIMech(String authzID, String protocol, String serverName, Map props, CallbackHandler cbh)
           
 
Method Summary
 void dispose()
          Disposes of the internal I/O streams.
 byte[] evaluateChallenge(byte[] challengeData)
          Evaluates the challenge data and generates a response.
protected  void finalize()
           
 String getNegotiatedProperty(String propName)
          Retrieves the negotiated property.
 boolean hasInitialResponse()
          Determines whether this mechanism has an optional initial response.
 byte[] unwrap(byte[] incoming, int offset, int len)
          Unwraps a byte array received from the server.
 byte[] wrap(byte[] outgoing, int offset, int len)
          Wraps a byte array to be sent to the server.
 
Methods inherited from class org.globus.mds.gsi.common.GSIMechanism
combineMasks, exchangeData, findPreferredMask, getInputStream, getMechanismName, getOutputStream, getRecvMaxBufSize, getSendMaxBufSize, init, intToNetworkByteOrder, isComplete, isIntegrityQop, isNotProtected, isPrivacyQop, negotiateProtections, networkByteOrderToInt, parseProp, parseQop, parseQop, parseStrength, setQOP
 
Methods inherited from class java.lang.Object
clone, equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 
Methods inherited from interface com.sun.security.sasl.preview.SaslClient
getMechanismName, isComplete
 

Constructor Detail

GSIMech

public GSIMech(String authzID,
               String protocol,
               String serverName,
               Map props,
               CallbackHandler cbh)
        throws com.sun.security.sasl.preview.SaslException
Method Detail

hasInitialResponse

public boolean hasInitialResponse()
Determines whether this mechanism has an optional initial response. If true, the caller should call evaluateChallenge() with an empty array to get the initial response.

Specified by:
hasInitialResponse in interface com.sun.security.sasl.preview.SaslClient
Returns:
true if this mechanism has an initial response. Always returns true for SSL.

evaluateChallenge

public byte[] evaluateChallenge(byte[] challengeData)
                         throws com.sun.security.sasl.preview.SaslException
Evaluates the challenge data and generates a response.

Specified by:
evaluateChallenge in interface com.sun.security.sasl.preview.SaslClient
Parameters:
challengeData - The non-null challenge sent from the server.
Returns:
The possibly null response to send to the server. It is null if the challenge accompanied a "SUCCESS" status and the challenge only contains data for the client to update its state and no response needs to be sent to the server.
Throws:
com.sun.security.sasl.preview.SaslException - If an error occurred while processing the challenge or generating a response.

wrap

public byte[] wrap(byte[] outgoing,
                   int offset,
                   int len)
            throws com.sun.security.sasl.preview.SaslException
Wraps a byte array to be sent to the server. This method can be called only after the authentication exchange has completed (i.e., when isComplete() returns true) and only if the authentication exchange has negotiated integrity and/or privacy as the quality of protection; otherwise, a SaslException is thrown.

Returns the SSL-wrapped byte array.

Specified by:
wrap in interface com.sun.security.sasl.preview.SaslClient
Parameters:
outgoing - A non-null byte array containing the bytes to encode.
offset - The starting position at outgoing of the bytes to use.
len - The number of bytes from outgoing to use.
Returns:
A non-null byte array containing the encoded bytes.
Throws:
com.sun.security.sasl.preview.SaslException - if the authentication exchange has not completed or if the negotiated quality of protection has neither integrity nor privacy.

unwrap

public byte[] unwrap(byte[] incoming,
                     int offset,
                     int len)
              throws com.sun.security.sasl.preview.SaslException
Unwraps a byte array received from the server. This method can be called only after the authentication exchange has completed (i.e., when isComplete() returns true) and only if the authentication exchange has negotiated integrity and/or privacy as the quality of protection; otherwise, a SaslException is thrown.

Returns the SSL-unwrapped byte array.

Specified by:
unwrap in interface com.sun.security.sasl.preview.SaslClient
Parameters:
incoming - A non-null byte array containing the encoded bytes from the server.
offset - The starting position at incoming of the bytes to use.
len - The number of bytes from incoming to use.
Returns:
A non-null byte array containing the decoded bytes.
Throws:
com.sun.security.sasl.preview.SaslException - if the authentication exchange has not completed or if the negotiated quality of protection has neither integrity nor privacy.

dispose

public void dispose()
             throws com.sun.security.sasl.preview.SaslException
Disposes of the internal I/O streams. Invoking this method invalidates the SaslClient instance.

Specified by:
dispose in interface com.sun.security.sasl.preview.SaslClient
Throws:
com.sun.security.sasl.preview.SaslException - If a problem was encountered while disposing the resources.
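The call sequence documented above (initial response, challenge loop, then wrap/unwrap), shown as an added example that is not part of the Globus code base. The class name GsiSaslExchange and the Transport interface are hypothetical; it assumes the preview SASL classes are on the classpath and that the caller has already constructed the client (for instance a GSIMech).

```java
import com.sun.security.sasl.preview.SaslClient;
import com.sun.security.sasl.preview.SaslException;
import java.io.IOException;
public final class GsiSaslExchange {
    /** Hypothetical transport that carries SASL tokens inside the application protocol. */
    public interface Transport {
        void send(byte[] token) throws IOException;
        byte[] receive() throws IOException; // next server message, or null on EOF
    }

    /** Drives the exchange until isComplete(); disposes the client if it fails part-way. */
    public static void authenticate(SaslClient client, Transport t)
            throws IOException, SaslException {
        boolean ok = false;
        try {
            if (client.hasInitialResponse()) {
                // The initial response is requested with an empty challenge.
                byte[] initial = client.evaluateChallenge(new byte[0]);
                if (initial != null) t.send(initial);
            }
            while (!client.isComplete()) {
                byte[] challenge = t.receive();
                if (challenge == null) throw new IOException("peer closed during SASL exchange");
                byte[] response = client.evaluateChallenge(challenge);
                // null means the challenge only updated client state; nothing to send.
                if (response != null) t.send(response);
            }
            ok = true;
        } finally {
            if (!ok) client.dispose(); // never reuse a half-negotiated client
        }
    }

    /** Sends data through the negotiated security layer and fails closed. */
    public static void sendProtected(SaslClient client, Transport t, byte[] data)
            throws IOException, SaslException {
        // wrap() throws SaslException if the exchange is incomplete or if neither
        // integrity nor privacy was negotiated. Let it propagate: no plaintext fallback.
        t.send(client.wrap(data, 0, data.length));
    }

    /** Reads one protected message; an unwrap() failure likewise aborts. */
    public static byte[] receiveProtected(SaslClient client, Transport t)
            throws IOException, SaslException {
        byte[] in = t.receive();
        if (in == null) throw new IOException("peer closed");
        return client.unwrap(in, 0, in.length);
    }
}
```

Letting the SaslException from wrap() reach the caller means a connection that negotiated no protection is closed rather than silently used in the clear.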

getNegotiatedProperty

public String getNegotiatedProperty(String propName)
                             throws com.sun.security.sasl.preview.SaslException
Retrieves the negotiated property. This method can be called only after the authentication exchange has completed (i.e., when isComplete() returns true); otherwise, a SaslException is thrown.

Specified by:
getNegotiatedProperty in interface com.sun.security.sasl.preview.SaslClient
Returns:
The value of the negotiated property. If null, the property was not negotiated or is not applicable to this mechanism.
Throws:
com.sun.security.sasl.preview.SaslException - if this authentication exchange has not completed

finalize

protected void finalize()
                 throws Throwable
Throws:
Throwable