Interface GSSCredential
- All Superinterfaces:
Cloneable
- All Known Subinterfaces:
ExtendedGSSCredential
public interface GSSCredential extends Cloneable
Credentials are instantiated using one of the createCredential
methods in the GSSManager
class. GSS-API credential creation is not intended to provide a "login to the network" function, as such a function would involve the creation of new credentials rather than merely acquiring a handle to existing credentials. The section on credential acquisition in the package level description describes how existing credentials are acquired in the Java platform. GSS-API implementations must impose a local access-control policy on callers to prevent unauthorized callers from acquiring credentials to which they are not entitled.
Applications will create a credential object passing the desired parameters. The application can then use the query methods to obtain specific information about the instantiated credential object. When the credential is no longer needed, the application should call the dispose
method to release any resources held by the credential object and to destroy any cryptographically sensitive information.
This example code demonstrates the creation of a GSSCredential implementation for a specific entity, querying of its fields, and its release when it is no longer needed:
GSSManager manager = GSSManager.getInstance(); // start by creating a name object for the entity GSSName name = manager.createName("myusername", GSSName.NT_USER_NAME); // now acquire credentials for the entity GSSCredential cred = manager.createCredential(name, GSSCredential.ACCEPT_ONLY); // display credential information - name, remaining lifetime, // and the mechanisms it has been acquired over System.out.println(cred.getName().toString()); System.out.println(cred.getRemainingLifetime()); Oid [] mechs = cred.getMechs(); if (mechs != null) { for (int i = 0; i< mechs.length; i++) System.out.println(mechs[i].toString()); } // release system resources held by the credential cred.dispose();
Field Summary
Modifier and Type | Field | Description |
---|---|---|
static final int |
ACCEPT_ONLY |
Credential usage flag requesting that it be usable for context acceptance only. |
static final int |
DEFAULT_LIFETIME |
A lifetime constant representing the default credential lifetime. |
static final int |
INDEFINITE_LIFETIME |
A lifetime constant representing indefinite credential lifetime. |
static final int |
INITIATE_AND_ACCEPT |
Credential usage flag requesting that it be usable for both context initiation and acceptance. |
static final int |
INITIATE_ONLY |
Credential usage flag requesting that it be usable for context initiation only. |
Method Summary
Modifier and Type | Method | Description |
---|---|---|
void |
add |
Adds a mechanism specific credential-element to an existing credential. |
void |
dispose() |
Releases any sensitive information that the GSSCredential object may be containing. |
boolean |
equals |
Tests if this GSSCredential asserts the same entity as the supplied object. |
Oid[] |
getMechs() |
Returns a list of mechanisms supported by this credential. |
GSSName |
getName() |
Retrieves the name of the entity that the credential asserts. |
GSSName |
getName |
Retrieves a Mechanism Name of the entity that the credential asserts. |
int |
getRemainingAcceptLifetime |
Returns the lifetime in seconds for the credential to remain capable of accepting security contexts using the specified mechanism. |
int |
getRemainingInitLifetime |
Returns the lifetime in seconds for the credential to remain capable of initiating security contexts using the specified mechanism. |
int |
getRemainingLifetime() |
Returns the remaining lifetime in seconds for a credential. |
int |
getUsage() |
Returns the credential usage mode. |
int |
getUsage |
Returns the credential usage mode for a specific mechanism. |
int |
hashCode() |
Returns a hashcode value for this GSSCredential. |
Field Details
INITIATE_AND_ACCEPT
static final int INITIATE_AND_ACCEPT
- See Also:
INITIATE_ONLY
static final int INITIATE_ONLY
- See Also:
ACCEPT_ONLY
static final int ACCEPT_ONLY
- See Also:
DEFAULT_LIFETIME
static final int DEFAULT_LIFETIME
- See Also:
INDEFINITE_LIFETIME
static final int INDEFINITE_LIFETIME
Integer.MAX_VALUE
.- See Also:
Method Details
dispose
void dispose() throws GSSException
- Throws:
-
GSSException
- containing the following major error codes:GSSException.FAILURE
getName
GSSName getName() throws GSSException
- Returns:
- a GSSName representing the entity
- Throws:
-
GSSException
- containing the following major error codes:GSSException.FAILURE
getName
GSSName getName(Oid mech) throws GSSException
canonicalize
on the value returned by the other form of getName
.- Parameters:
-
mech
- the Oid of the mechanism for which the Mechanism Name should be returned. - Returns:
- a GSSName representing the entity canonicalized for the desired mechanism
- Throws:
-
GSSException
- containing the following major error codes:GSSException.BAD_MECH
,GSSException.FAILURE
getRemainingLifetime
int getRemainingLifetime() throws GSSException
- Returns:
- the minimum remaining lifetime in seconds for this credential. A return value of
INDEFINITE_LIFETIME
indicates that the credential does not expire. A return value of 0 indicates that the credential is already expired. - Throws:
-
GSSException
- containing the following major error codes:GSSException.FAILURE
- See Also:
getRemainingInitLifetime
int getRemainingInitLifetime(Oid mech) throws GSSException
- Parameters:
-
mech
- the Oid of the mechanism whose initiator credential element should be queried. - Returns:
- the number of seconds remaining in the life of this credential element. A return value of
INDEFINITE_LIFETIME
indicates that the credential element does not expire. A return value of 0 indicates that the credential element is already expired. - Throws:
-
GSSException
- containing the following major error codes:GSSException.BAD_MECH
,GSSException.FAILURE
getRemainingAcceptLifetime
int getRemainingAcceptLifetime(Oid mech) throws GSSException
- Parameters:
-
mech
- the Oid of the mechanism whose acceptor credential element should be queried. - Returns:
- the number of seconds remaining in the life of this credential element. A return value of
INDEFINITE_LIFETIME
indicates that the credential element does not expire. A return value of 0 indicates that the credential element is already expired. - Throws:
-
GSSException
- containing the following major error codes:GSSException.BAD_MECH
,GSSException.FAILURE
getUsage
int getUsage() throws GSSException
- Returns:
- The return value will be one of
INITIATE_ONLY
,ACCEPT_ONLY
, andINITIATE_AND_ACCEPT
. - Throws:
-
GSSException
- containing the following major error codes:GSSException.FAILURE
getUsage
int getUsage(Oid mech) throws GSSException
- Parameters:
-
mech
- the Oid of the mechanism whose credentials usage mode is to be determined. - Returns:
- The return value will be one of
INITIATE_ONLY
,ACCEPT_ONLY
, andINITIATE_AND_ACCEPT
. - Throws:
-
GSSException
- containing the following major error codes:GSSException.BAD_MECH
,GSSException.FAILURE
getMechs
Oid[] getMechs() throws GSSException
getUsage
method with each of the returned Oid's to determine the possible modes of usage.- Returns:
- an array of Oid's corresponding to the supported mechanisms.
- Throws:
-
GSSException
- containing the following major error codes:GSSException.FAILURE
add
void add(GSSName name, int initLifetime, int acceptLifetime, Oid mech, int usage) throws GSSException
This routine is envisioned to be used mainly by context acceptors during the creation of acceptor credentials which are to be used with a variety of clients using different security mechanisms.
This routine adds the new credential element "in-place". To add the element in a new credential, first call clone
to obtain a copy of this credential, then call its add
method.
As always, GSS-API implementations must impose a local access-control policy on callers to prevent unauthorized callers from acquiring credentials to which they are not entitled. Non-default values for initLifetime and acceptLifetime cannot always be honored by the underlying mechanisms, thus callers should be prepared to call getRemainingInitLifetime
and getRemainingAcceptLifetime
on the credential.
- Parameters:
-
name
- the name of the principal for whom this credential is to be acquired. Usenull
to specify the default principal. -
initLifetime
- the number of seconds that the credential element should remain valid for initiating of security contexts. UseGSSCredential.INDEFINITE_LIFETIME
to request that the credentials have the maximum permitted lifetime for this. UseGSSCredential.DEFAULT_LIFETIME
to request default credential lifetime for this. -
acceptLifetime
- the number of seconds that the credential element should remain valid for accepting security contexts. UseGSSCredential.INDEFINITE_LIFETIME
to request that the credentials have the maximum permitted lifetime for this. UseGSSCredential.DEFAULT_LIFETIME
to request default credential lifetime for this. -
mech
- the mechanism over which the credential is to be acquired. -
usage
- the usage mode that this credential element should add to the credential. The value of this parameter must be one of:INITIATE_AND_ACCEPT
,ACCEPT_ONLY
, andINITIATE_ONLY
. - Throws:
-
GSSException
- containing the following major error codes:GSSException.DUPLICATE_ELEMENT
,GSSException.BAD_MECH
,GSSException.BAD_NAMETYPE
,GSSException.NO_CRED
,GSSException.CREDENTIALS_EXPIRED
,GSSException.FAILURE
equals
boolean equals(Object another)
hashCode
int hashCode()
© 1993, 2021, Oracle and/or its affiliates. All rights reserved.
Documentation extracted from Debian's OpenJDK Development Kit package.
Licensed under the GNU General Public License, version 2, with the Classpath Exception.
Various third party code in OpenJDK is licensed under different licenses (see Debian package).
Java and OpenJDK are trademarks or registered trademarks of Oracle and/or its affiliates.
https://docs.oracle.com/en/java/javase/17/docs/api/java.security.jgss/org/ietf/jgss/GSSCredential.html