📄 gsscontext.java
   * <p>Since some application-level protocols may wish to use tokens emitted
   * by getMIC to provide "secure framing", implementations should support
   * the calculation and verification of MICs over zero-length messages.</p>
   *
   * @param tokStream Input stream containing the token generated by peer's
   *                  getMIC method.
   * @param msgStream Input stream containing the application message to
   *                  verify the cryptographic MIC over.
   * @param msgProp   Upon return from the method, this object will contain
   *                  the applied QOP and supplementary information
   *                  stating whether the token was a duplicate, old, out of
   *                  sequence or arriving after a gap. The confidentiality
   *                  state will be set to <code>false</code>.
   * @throws GSSException If this operation fails.
   */
  void verifyMIC(InputStream tokStream, InputStream msgStream, MessageProp msgProp)
    throws GSSException;

  /**
   * <p>Provided to support the sharing of work between multiple processes.
   * This routine will typically be used by the context-acceptor, in an
   * application where a single process receives incoming connection
   * requests and accepts security contexts over them, then passes the
   * established context to one or more other processes for message
   * exchange.</p>
   *
   * <p>This method deactivates the security context and creates an
   * interprocess token which, when passed to the byte array constructor
   * of the GSSContext interface in another process, will re-activate the
   * context in the second process. Only a single instantiation of a
   * given context may be active at any one time; a subsequent attempt by
   * a context exporter to access the exported security context will fail.</p>
   *
   * <p>The implementation may constrain the set of processes by which the
   * interprocess token may be imported, either as a function of local
   * security policy, or as a result of implementation decisions. For
   * example, some implementations may constrain contexts to be passed
   * only between processes that run under the same account, or which are
   * part of the same process group.</p>
   *
   * <p>The interprocess token may contain security-sensitive information
   * (for example cryptographic keys). While mechanisms are encouraged to
   * either avoid placing such sensitive information within interprocess
   * tokens, or to encrypt the token before returning it to the
   * application, in a typical GSS-API implementation this may not be
   * possible. Thus the application must take care to protect the
   * interprocess token, and ensure that any process to which the token is
   * transferred is trustworthy.</p>
   *
   * @return The exported context.
   * @throws GSSException If this operation fails.
   */
  byte[] export() throws GSSException;

  /**
   * <p>Sets the request state of the mutual authentication flag for the
   * context. This method is only valid before the context creation
   * process begins and only for the initiator.</p>
   *
   * @param state Boolean representing if mutual authentication should
   *              be requested during context establishment.
   * @throws GSSException If this operation fails.
   */
  void requestMutualAuth(boolean state) throws GSSException;

  /**
   * <p>Sets the request state of the replay detection service for the
   * context. This method is only valid before the context creation
   * process begins and only for the initiator.</p>
   *
   * @param state Boolean representing if replay detection is desired
   *              over the established context.
   * @throws GSSException If this operation fails.
   */
  void requestReplayDet(boolean state) throws GSSException;

  /**
   * <p>Sets the request state for the sequence checking service of the
   * context. This method is only valid before the context creation
   * process begins and only for the initiator.</p>
   *
   * @param state Boolean representing if sequence detection is desired
   *              over the established context.
   * @throws GSSException If this operation fails.
   */
  void requestSequenceDet(boolean state) throws GSSException;

  /**
   * <p>Sets the request state for the credential delegation flag for the
   * context. This method is only valid before the context creation
   * process begins and only for the initiator.</p>
   *
   * @param state Boolean representing if credential delegation is
   *              desired.
   * @throws GSSException If this operation fails.
   */
  void requestCredDeleg(boolean state) throws GSSException;

  /**
   * <p>Requests anonymous support over the context. This method is only
   * valid before the context creation process begins and only for the
   * initiator.</p>
   *
   * @param state Boolean representing if anonymity support is requested.
   * @throws GSSException If this operation fails.
   */
  void requestAnonymity(boolean state) throws GSSException;

  /**
   * <p>Requests that confidentiality service be available over the context.
   * This method is only valid before the context creation process begins
   * and only for the initiator.</p>
   *
   * @param state Boolean indicating if confidentiality services are to
   *              be requested for the context.
   * @throws GSSException If this operation fails.
   */
  void requestConf(boolean state) throws GSSException;

  /**
   * <p>Requests that integrity services be available over the context. This
   * method is only valid before the context creation process begins and
   * only for the initiator.</p>
   *
   * @param state Boolean indicating if integrity services are to be
   *              requested for the context.
   * @throws GSSException If this operation fails.
   */
  void requestInteg(boolean state) throws GSSException;

  /**
   * <p>Sets the desired lifetime for the context in seconds. This method is
   * only valid before the context creation process begins and only for
   * the initiator. Use {@link #INDEFINITE_LIFETIME} and {@link
   * #DEFAULT_LIFETIME} to request indefinite or default context lifetime.</p>
   *
   * @param lifetime The desired context lifetime in seconds.
   * @throws GSSException If this operation fails.
   */
  void requestLifetime(int lifetime) throws GSSException;

  /**
   * <p>Sets the channel bindings to be used during context establishment.
   * This method is only valid before the context creation process begins.</p>
   *
   * @param cb Channel bindings to be used.
   * @throws GSSException If this operation fails.
   */
  void setChannelBinding(ChannelBinding cb) throws GSSException;

  /**
   * <p>Returns the state of the delegated credentials for the context.
   * When issued before context establishment is completed or when the
   * isProtReady method returns "false", it returns the desired state,
   * otherwise it will indicate the actual state over the established
   * context.</p>
   *
   * @return The state of the delegated credentials for the context.
   */
  boolean getCredDelegState();

  /**
   * <p>Returns the state of the mutual authentication option for the
   * context. When issued before context establishment completes or when
   * the isProtReady method returns "false", it returns the desired state,
   * otherwise it will indicate the actual state over the established
   * context.</p>
   *
   * @return The state of the mutual authentication option.
   */
  boolean getMutualAuthState();

  /**
   * <p>Returns the state of the replay detection option for the context.
   * When issued before context establishment completes or when the
   * isProtReady method returns "false", it returns the desired state,
   * otherwise it will indicate the actual state over the established
   * context.</p>
   *
   * @return The state of the replay detection option.
   */
  boolean getReplayDetState();

  /**
   * <p>Returns the state of the sequence detection option for the context.
   * When issued before context establishment completes or when the
   * isProtReady method returns "false", it returns the desired state,
   * otherwise it will indicate the actual state over the established
   * context.</p>
   *
   * @return The state of the sequence detection option.
   */
  boolean getSequenceDetState();

  /**
   * <p>Returns "true" if this is an anonymous context. When issued before
   * context establishment completes or when the isProtReady method
   * returns "false", it returns the desired state, otherwise it will
   * indicate the actual state over the established context.</p>
   *
   * @return True if this is an anonymous context.
   */
  boolean getAnonymityState();

  /**
   * <p>Returns "true" if the context is transferable to other processes
   * through the use of the {@link #export()} method. This call is only
   * valid on fully established contexts.</p>
   *
   * @return True if the context is transferable.
   * @throws GSSException If this operation fails.
   */
  boolean isTransferable() throws GSSException;

  /**
   * <p>Returns "true" if the per message operations can be applied over
   * the context. Some mechanisms may allow the usage of per-message
   * operations before the context is fully established. This will also
   * indicate that the get methods will return actual context state
   * characteristics instead of the desired ones.</p>
   *
   * @return True if the per message operations can be applied over
   *         the context.
   */
  boolean isProtReady();

  /**
   * <p>Returns the confidentiality service state over the context. When
   * issued before context establishment completes or when the isProtReady
   * method returns "false", it returns the desired state, otherwise it
   * will indicate the actual state over the established context.</p>
   *
   * @return The confidentiality service state.
   */
  boolean getConfState();

  /**
   * <p>Returns the integrity service state over the context. When issued
   * before context establishment completes or when the isProtReady method
   * returns "false", it returns the desired state, otherwise it will
   * indicate the actual state over the established context.</p>
   *
   * @return The integrity service state.
   */
  boolean getIntegState();

  /**
   * <p>Returns the context lifetime in seconds. When issued before context
   * establishment completes or when the isProtReady method returns
   * "false", it returns the desired lifetime, otherwise it will indicate
   * the remaining lifetime for the context.</p>
   *
   * @return The lifetime.
   */
  int getLifetime();

  /**
   * <p>Returns the name of the context initiator. This call is valid only
   * after the context is fully established or the isProtReady method
   * returns "true". It is guaranteed to return an MN.</p>
   *
   * @return The name of the context initiator.
   * @throws GSSException If this operation fails.
   */
  GSSName getSrcName() throws GSSException;

  /**
   * <p>Returns the name of the context target (acceptor). This call is
   * valid only after the context is fully established or the isProtReady
   * method returns "true". It is guaranteed to return an MN.</p>
   *
   * @return The name of the context target.
   * @throws GSSException If this operation fails.
   */
  GSSName getTargName() throws GSSException;

  /**
   * <p>Returns the mechanism OID for this context. This method may be called
   * before the context is fully established, but the mechanism returned
   * may change on successive calls in the negotiated mechanism case.</p>
   *
   * @return The mechanism OID.
   * @throws GSSException If this operation fails.
   */
  Oid getMech() throws GSSException;

  /**
   * <p>Returns the delegated credential object on the acceptor's side.
   * To check for availability of delegated credentials call
   * {@link #getCredDelegState()}. This call is only valid on fully
   * established contexts.</p>
   *
   * @return The delegated credential object.
   * @throws GSSException If this operation fails.
   */
  GSSCredential getDelegCred() throws GSSException;

  /**
   * <p>Returns "true" if this is the initiator of the context. This call is
   * only valid after the context creation process has started.</p>
   *
   * @return True if this is the initiator.
   * @throws GSSException If this operation fails.
   */
  boolean isInitiator() throws GSSException;
}