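/*
 * Copyright (c) 2005, 2020, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.  Oracle designates this
 * particular file as subject to the "Classpath" exception as provided
 * by Oracle in the LICENSE file that accompanied this code.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */

package sun.security.jgss.wrapper;

import org.ietf.jgss.*;
import java.security.Provider;
import sun.security.jgss.GSSHeader;
import sun.security.jgss.GSSUtil;
import sun.security.jgss.GSSExceptionImpl;
import sun.security.jgss.spi.*;
import sun.security.util.DerValue;
import sun.security.util.ObjectIdentifier;
import sun.security.jgss.spnego.NegTokenInit;
import sun.security.jgss.spnego.NegTokenTarg;
import javax.security.auth.kerberos.DelegationPermission;
import java.io.*;


/**
 * This class is essentially a wrapper class for the gss_ctx_id_t
 * structure of the native GSS library.
 *
 * <p>All cryptographic work (context establishment, wrap/unwrap, MIC
 * generation and verification) is delegated to the native library through
 * {@link GSSLibStub}. This class keeps the Java-side bookkeeping: the
 * native handle, the names and credentials attached to the context, the
 * requested flags, and the SecurityManager permission checks that guard
 * use of Kerberos credentials.
 *
 * @author Valerie Peng
 * @since 1.6
 */
class NativeGSSContext implements GSSContextSpi {

    // Context flag bits; the values mirror the GSS_C_*_FLAG constants of
    // the GSS-API C bindings (RFC 2744).
    private static final int GSS_C_DELEG_FLAG = 1;
    private static final int GSS_C_MUTUAL_FLAG = 2;
    private static final int GSS_C_REPLAY_FLAG = 4;
    private static final int GSS_C_SEQUENCE_FLAG = 8;
    private static final int GSS_C_CONF_FLAG = 16;
    private static final int GSS_C_INTEG_FLAG = 32;
    private static final int GSS_C_ANON_FLAG = 64;
    private static final int GSS_C_PROT_READY_FLAG = 128;
    private static final int GSS_C_TRANS_FLAG = 256;

    // Number of values GSSLibStub.inquireContext() is expected to return
    private static final int NUM_OF_INQUIRE_VALUES = 6;

    // Warning: The following 9 fields are used by NativeUtil.c
    // (do not rename or retype them without updating the native side)
    private long pContext = 0; // Pointer to the gss_ctx_id_t structure
    private GSSNameElement srcName;
    private GSSNameElement targetName;
    private boolean isInitiator;
    private boolean isEstablished;
    private GSSCredElement delegatedCred;
    private int flags;
    private int lifetime = GSSCredential.DEFAULT_LIFETIME;
    private Oid actualMech; // Assigned during context establishment

    // Credential used for establishment; may be supplied by the caller
    private GSSCredElement cred;
    // Set only when this class created 'cred' itself and therefore has to
    // release it in dispose()
    private GSSCredElement disposeCred;

    private ChannelBinding cb;
    // Delegated credential still owned by this context; cleared once the
    // caller has fetched it through getDelegCred()
    private GSSCredElement disposeDelegatedCred;
    private final GSSLibStub cStub;

    // Set to true once the corresponding permission check has passed (or,
    // for delegation, once it is known not to be needed)
    private boolean skipDelegPermCheck;
    private boolean skipServicePermCheck;

    // Retrieve the (preferred) mech out of SPNEGO tokens, i.e.
    // NegTokenInit & NegTokenTarg
    //
    // For the initiator the token is expected to carry a GSS header
    // followed by a NegTokenInit; for the acceptor it is parsed directly
    // as a NegTokenTarg. Returns null when no mechanism can be determined.
    private static Oid getMechFromSpNegoToken(byte[] token,
                                              boolean isInitiator)
        throws GSSException {
        Oid mech = null;
        if (isInitiator) {
            GSSHeader header = null;
            try {
                header = new GSSHeader(new ByteArrayInputStream(token));
            } catch (IOException ioe) {
                throw new GSSExceptionImpl(GSSException.FAILURE, ioe);
            }
            int negTokenLen = header.getMechTokenLength();
            // The length comes out of the parsed header; reject values that
            // cannot describe a suffix of the token instead of letting the
            // array allocation/copy below fail with an unchecked exception.
            if (negTokenLen < 0 || negTokenLen > token.length) {
                throw new GSSException(GSSException.DEFECTIVE_TOKEN, -1,
                    "Invalid mechToken length in SPNEGO token: " +
                    negTokenLen);
            }
            byte[] negToken = new byte[negTokenLen];
            System.arraycopy(token, token.length-negTokenLen,
                             negToken, 0, negToken.length);

            NegTokenInit ntok = new NegTokenInit(negToken);
            if (ntok.getMechToken() != null) {
                Oid[] mechList = ntok.getMechTypeList();
                // The first entry is the preferred mechanism; a missing or
                // empty list leaves the result null.
                if (mechList != null && mechList.length > 0) {
                    mech = mechList[0];
                }
            }
        } else {
            NegTokenTarg ntok = new NegTokenTarg(token);
            mech = ntok.getSupportedMech();
        }
        return mech;
    }

    // Perform the Service permission check
    //
    // Does nothing when no SecurityManager is installed. On success the
    // skipServicePermCheck flag is set so that the check is not repeated.
    private void doServicePermCheck() throws GSSException {
        if (System.getSecurityManager() != null) {
            String action = (isInitiator? "initiate" : "accept");
            // Need to check Service permission for accessing
            // initiator cred for SPNEGO during context establishment
            if (GSSUtil.isSpNegoMech(cStub.getMech()) && isInitiator
                && !isEstablished) {
                if (srcName == null) {
                    // Check by creating default initiator KRB5 cred
                    GSSCredElement tempCred =
                        new GSSCredElement(null, lifetime,
                            GSSCredential.INITIATE_ONLY,
                            GSSLibStub.getInstance(GSSUtil.GSS_KRB5_MECH_OID));
                    tempCred.dispose();
                } else {
                    String tgsName = Krb5Util.getTGSName(srcName);
                    Krb5Util.checkServicePermission(tgsName, action);
                }
            }
            String targetStr = targetName.getKrbName();
            Krb5Util.checkServicePermission(targetStr, action);
            skipServicePermCheck = true;
        }
    }

    // Perform the Delegation permission check
    //
    // Does nothing when no SecurityManager is installed. The permission
    // name is the quoted pair "<target principal>" "<TGS principal>".
    // On success the skipDelegPermCheck flag is set.
    private void doDelegPermCheck() throws GSSException {
        SecurityManager sm = System.getSecurityManager();
        if (sm != null) {
            String targetStr = targetName.getKrbName();
            String tgsStr = Krb5Util.getTGSName(targetName);
            StringBuilder sb = new StringBuilder("\"");
            sb.append(targetStr).append("\" \"");
            sb.append(tgsStr).append('\"');
            String krbPrincPair = sb.toString();
            SunNativeProvider.debug("Checking DelegationPermission (" +
                                    krbPrincPair + ")");
            DelegationPermission perm =
                new DelegationPermission(krbPrincPair);
            sm.checkPermission(perm);
            skipDelegPermCheck = true;
        }
    }

    // Read one complete GSS token from the stream for the native library.
    //
    // mechTokenLen != -1: the caller has already consumed the GSS header
    //     and exactly mechTokenLen bytes of mechanism token remain; the
    //     header is re-created in front of them.
    // mechTokenLen == -1: the stream holds an unparsed token, which is
    //     read as a single DER value.
    //
    // Throws GSSException(DEFECTIVE_TOKEN) for a negative length or a
    // truncated token, GSSException(FAILURE) for I/O errors.
    private byte[] retrieveToken(InputStream is, int mechTokenLen)
        throws GSSException {
        try {
            byte[] result = null;
            if (mechTokenLen != -1) {
                if (mechTokenLen < 0) {
                    throw new GSSException(GSSException.DEFECTIVE_TOKEN, -1,
                        "Invalid mechToken length: " + mechTokenLen);
                }
                // Need to add back the GSS header for a complete GSS token
                SunNativeProvider.debug("Precomputed mechToken length: " +
                                         mechTokenLen);
                GSSHeader gssHeader = new GSSHeader
                    (ObjectIdentifier.of(cStub.getMech().toString()),
                     mechTokenLen);
                ByteArrayOutputStream baos = new ByteArrayOutputStream(600);

                // NOTE(review): the buffer is sized from mechTokenLen before
                // any byte is read, so the length is trusted as supplied by
                // the caller.
                byte[] mechToken = new byte[mechTokenLen];
                // A single read() may legitimately return fewer bytes than
                // requested. Read until the buffer is full or the stream
                // ends, and fail explicitly on a short token: the previous
                // assert-only check was a no-op without -ea and let a
                // zero-padded token reach the native library.
                int len = is.readNBytes(mechToken, 0, mechTokenLen);
                if (len != mechTokenLen) {
                    throw new GSSException(GSSException.DEFECTIVE_TOKEN, -1,
                        "Truncated mechToken: expected " + mechTokenLen +
                        " bytes, got " + len);
                }
                gssHeader.encode(baos);
                baos.write(mechToken);
                result = baos.toByteArray();
            } else {
                // Must be unparsed GSS token or SPNEGO's NegTokenTarg token
                assert(mechTokenLen == -1);
                DerValue dv = new DerValue(is);
                result = dv.toByteArray();
            }
            SunNativeProvider.debug("Complete Token length: " +
                                    result.length);
            return result;
        } catch (IOException ioe) {
            throw new GSSExceptionImpl(GSSException.FAILURE, ioe);
        }
    }

    // Constructor for context initiator
    //
    // peer must not be null. For the Kerberos mechanism the service
    // permission is checked immediately and, when no credential was
    // supplied, a default INITIATE_ONLY credential is created and owned
    // (and later disposed) by this context.
    NativeGSSContext(GSSNameElement peer, GSSCredElement myCred,
                     int time, GSSLibStub stub) throws GSSException {
        if (peer == null) {
            throw new GSSException(GSSException.FAILURE, 1, "null peer");
        }
        cStub = stub;
        cred = myCred;
        disposeCred = null;
        targetName = peer;
        isInitiator = true;
        lifetime = time;

        if (GSSUtil.isKerberosMech(cStub.getMech())) {
            doServicePermCheck();
            if (cred == null) {
                disposeCred = cred =
                    new GSSCredElement(null, lifetime,
                                       GSSCredential.INITIATE_ONLY, cStub);
            }
            srcName = cred.getName();
        }
    }

    // Constructor for context acceptor
    //
    // myCred may be null (default acceptor credential); in that case the
    // target name is not known yet.
    NativeGSSContext(GSSCredElement myCred, GSSLibStub stub)
        throws GSSException {
        cStub = stub;
        cred = myCred;
        disposeCred = null;

        if (cred != null) targetName = cred.getName();

        isInitiator = false;
        // Defer Service permission check for default acceptor cred
        // to acceptSecContext()
        if (GSSUtil.isKerberosMech(cStub.getMech()) && targetName != null) {
            doServicePermCheck();
        }

        // srcName and potentially targetName (when myCred is null)
        // will be set in GSSLibStub.acceptContext(...)
    }

    // Constructor for imported context
    // Warning: called by NativeUtil.c
    //
    // pCtxt is the native handle of an already existing context; the
    // Java-side state is rebuilt from GSSLibStub.inquireContext().
    NativeGSSContext(long pCtxt, GSSLibStub stub) throws GSSException {
        // Check the incoming handle. The field pContext is still 0 at this
        // point, so asserting on the field (as before) failed for every
        // import whenever assertions were enabled.
        assert(pCtxt != 0);
        pContext = pCtxt;
        cStub = stub;

        // Set everything except cred, cb, delegatedCred
        long[] info = cStub.inquireContext(pContext);
        if (info.length != NUM_OF_INQUIRE_VALUES) {
            throw new RuntimeException("Bug w/ GSSLibStub.inquireContext()");
        }
        srcName = new GSSNameElement(info[0], cStub);
        targetName = new GSSNameElement(info[1], cStub);
        isInitiator = (info[2] != 0);
        isEstablished = (info[3] != 0);
        flags = (int) info[4];
        lifetime = (int) info[5];

        // Do Service Permission check when importing SPNEGO context
        // just to be safe
        Oid mech = cStub.getMech();
        if (GSSUtil.isSpNegoMech(mech) || GSSUtil.isKerberosMech(mech)) {
            doServicePermCheck();
        }
    }

    public Provider getProvider() {
        return SunNativeProvider.INSTANCE;
    }

    // Initiator side of context establishment.
    //
    // Returns the token to send to the peer, or null. Does nothing (and
    // returns null) when the context is already established or this is
    // not an initiator context. Permission checks that could not be done
    // in the constructor are performed here, before or after the native
    // call depending on when the mechanism becomes known.
    public byte[] initSecContext(InputStream is, int mechTokenLen)
        throws GSSException {
        byte[] outToken = null;
        if ((!isEstablished) && (isInitiator)) {
            byte[] inToken = null;
            // Ignore the specified input stream on the first call
            if (pContext != 0) {
                inToken = retrieveToken(is, mechTokenLen);
                SunNativeProvider.debug("initSecContext=> inToken len=" +
                    inToken.length);
            }

            // No delegation requested: nothing to check
            if (!getCredDelegState()) skipDelegPermCheck = true;

            if (GSSUtil.isKerberosMech(cStub.getMech()) && !skipDelegPermCheck) {
                doDelegPermCheck();
            }

            long pCred = (cred == null? 0 : cred.pCred);
            outToken = cStub.initContext(pCred, targetName.pName,
                                         cb, inToken, this);
            SunNativeProvider.debug("initSecContext=> outToken len=" +
                (outToken == null ? 0 : outToken.length));

            // Only inspect the token when the permission check
            // has not been performed
            if (GSSUtil.isSpNegoMech(cStub.getMech()) && outToken != null) {
                // WORKAROUND for SEAM bug#6287358
                actualMech = getMechFromSpNegoToken(outToken, true);

                if (GSSUtil.isKerberosMech(actualMech)) {
                    if (!skipServicePermCheck) doServicePermCheck();
                    if (!skipDelegPermCheck) doDelegPermCheck();
                }
            }

            if (isEstablished) {
                if (srcName == null) {
                    srcName = new GSSNameElement
                        (cStub.getContextName(pContext, true), cStub);
                }
                if (cred == null) {
                    // Created here, so owned and disposed by this context
                    disposeCred = cred =
                        new GSSCredElement(srcName, lifetime,
                                           GSSCredential.INITIATE_ONLY, cStub);
                }
            }
        }
        return outToken;
    }

    // Acceptor side of context establishment.
    //
    // Returns the token to send back to the peer, or null. Does nothing
    // (and returns null) when the context is already established or this
    // is an initiator context.
    public byte[] acceptSecContext(InputStream is, int mechTokenLen)
        throws GSSException {
        byte[] outToken = null;
        if ((!isEstablished) && (!isInitiator)) {
            byte[] inToken = retrieveToken(is, mechTokenLen);
            SunNativeProvider.debug("acceptSecContext=> inToken len=" +
                                    inToken.length);
            long pCred = (cred == null? 0 : cred.pCred);
            outToken = cStub.acceptContext(pCred, cb, inToken, this);
            // delegatedCred is not assigned anywhere in this class;
            // presumably the native call above sets it (see the field
            // warning). Track it for disposal until the caller takes it.
            disposeDelegatedCred = delegatedCred;
            SunNativeProvider.debug("acceptSecContext=> outToken len=" +
                                    (outToken == null? 0 : outToken.length));

            if (targetName == null) {
                targetName = new GSSNameElement
                    (cStub.getContextName(pContext, false), cStub);
                // Replace the current default acceptor cred now that
                // the context acceptor name is available
                if (disposeCred != null) {
                    disposeCred.dispose();
                }
                disposeCred = cred =
                    new GSSCredElement(targetName, lifetime,
                                       GSSCredential.ACCEPT_ONLY, cStub);
            }

            // Only inspect token when the permission check has not
            // been performed
            if (GSSUtil.isSpNegoMech(cStub.getMech()) &&
                (outToken != null) && !skipServicePermCheck) {
                if (GSSUtil.isKerberosMech(getMechFromSpNegoToken
                                           (outToken, false))) {
                    doServicePermCheck();
                }
            }
        }
        return outToken;
    }

    public boolean isEstablished() {
        return isEstablished;
    }

    // Release the credentials owned by this context, drop all references
    // and delete the native context if one exists.
    public void dispose() throws GSSException {
        if (disposeCred != null) {
            disposeCred.dispose();
        }
        if (disposeDelegatedCred != null) {
            disposeDelegatedCred.dispose();
        }
        disposeDelegatedCred = disposeCred = cred = null;
        srcName = null;
        targetName = null;
        delegatedCred = null;
        if (pContext != 0) {
            pContext = cStub.deleteContext(pContext);
            // Clear the handle regardless of what deleteContext returned
            pContext = 0;
        }
    }

    public int getWrapSizeLimit(int qop, boolean confReq,
                                int maxTokenSize)
        throws GSSException {
        return cStub.wrapSizeLimit(pContext, (confReq? 1:0), qop,
                                   maxTokenSize);
    }

    // Wrap inBuf[offset, offset+len) and return the resulting token.
    // The range is copied only when it is not the whole array.
    public byte[] wrap(byte[] inBuf, int offset, int len,
                       MessageProp msgProp) throws GSSException {
        byte[] data = inBuf;
        if ((offset != 0) || (len != inBuf.length)) {
            data = new byte[len];
            System.arraycopy(inBuf, offset, data, 0, len);
        }
        return cStub.wrap(pContext, data, msgProp);
    }
    public void wrap(byte[] inBuf, int offset, int len,
                     OutputStream os, MessageProp msgProp)
        throws GSSException {
        try {
        byte[] result = wrap(inBuf, offset, len, msgProp);
        os.write(result);
        } catch (IOException ioe) {
            throw new GSSExceptionImpl(GSSException.FAILURE, ioe);
        }
    }
    // Returns the number of bytes written to outBuf
    public int wrap(byte[] inBuf, int inOffset, int len, byte[] outBuf,
                    int outOffset, MessageProp msgProp)
        throws GSSException {
        byte[] result = wrap(inBuf, inOffset, len, msgProp);
        System.arraycopy(result, 0, outBuf, outOffset, result.length);
        return result.length;
    }
    // NOTE(review): this and the other stream-based methods below size
    // their buffer with available() and issue a single read(), so only
    // the bytes readable at call time are processed.
    public void wrap(InputStream inStream, OutputStream outStream,
                     MessageProp msgProp) throws GSSException {
        try {
            byte[] data = new byte[inStream.available()];
            int length = inStream.read(data);
            byte[] token = wrap(data, 0, length, msgProp);
            outStream.write(token);
        } catch (IOException ioe) {
            throw new GSSExceptionImpl(GSSException.FAILURE, ioe);
        }
    }

    // Unwrap the token in inBuf[offset, offset+len) and return the
    // message. The range is copied only when it is not the whole array.
    public byte[] unwrap(byte[] inBuf, int offset, int len,
                         MessageProp msgProp)
        throws GSSException {
        if ((offset != 0) || (len != inBuf.length)) {
            byte[] temp = new byte[len];
            System.arraycopy(inBuf, offset, temp, 0, len);
            return cStub.unwrap(pContext, temp, msgProp);
        } else {
            return cStub.unwrap(pContext, inBuf, msgProp);
        }
    }
    // Returns the number of bytes written to outBuf
    public int unwrap(byte[] inBuf, int inOffset, int len,
                      byte[] outBuf, int outOffset,
                      MessageProp msgProp) throws GSSException {
        byte[] result = null;
        if ((inOffset != 0) || (len != inBuf.length)) {
            byte[] temp = new byte[len];
            System.arraycopy(inBuf, inOffset, temp, 0, len);
            result = cStub.unwrap(pContext, temp, msgProp);
        } else {
            result = cStub.unwrap(pContext, inBuf, msgProp);
        }
        System.arraycopy(result, 0, outBuf, outOffset, result.length);
        return result.length;
    }
    public void unwrap(InputStream inStream, OutputStream outStream,
                       MessageProp msgProp) throws GSSException {
        try {
            byte[] wrapped = new byte[inStream.available()];
            int wLength = inStream.read(wrapped);
            byte[] data = unwrap(wrapped, 0, wLength, msgProp);
            outStream.write(data);
            outStream.flush();
        } catch (IOException ioe) {
            throw new GSSExceptionImpl(GSSException.FAILURE, ioe);
        }
    }

    // Returns the number of bytes written to outBuf
    public int unwrap(InputStream inStream,
                      byte[] outBuf, int outOffset,
                      MessageProp msgProp) throws GSSException {
        byte[] wrapped = null;
        int wLength = 0;
        try {
            wrapped = new byte[inStream.available()];
            wLength = inStream.read(wrapped);
        } catch (IOException ioe) {
            throw new GSSExceptionImpl(GSSException.FAILURE, ioe);
        }
        // Unwrap exactly once. The token used to be handed to the native
        // library a second time (with the first result discarded), which
        // doubles the work and, where replay or sequence detection is
        // active, may cause the second pass to be reported as a duplicate.
        byte[] result = unwrap(wrapped, 0, wLength, msgProp);
        System.arraycopy(result, 0, outBuf, outOffset, result.length);
        return result.length;
    }

    // Compute a MIC over in[offset, offset+len). A null msgProp selects
    // QOP 0.
    public byte[] getMIC(byte[] in, int offset, int len,
                         MessageProp msgProp) throws GSSException {
        int qop = (msgProp == null? 0:msgProp.getQOP());
        byte[] inMsg = in;
        if ((offset != 0) || (len != in.length)) {
            inMsg = new byte[len];
            System.arraycopy(in, offset, inMsg, 0, len);
        }
        return cStub.getMic(pContext, qop, inMsg);
    }

    public void getMIC(InputStream inStream, OutputStream outStream,
                       MessageProp msgProp) throws GSSException {
        try {
            int length = 0;
            byte[] msg = new byte[inStream.available()];
            length = inStream.read(msg);

            byte[] msgToken = getMIC(msg, 0, length, msgProp);
            // Nothing is written for a null or empty MIC token
            if ((msgToken != null) && msgToken.length != 0) {
                outStream.write(msgToken);
            }
        } catch (IOException ioe) {
            throw new GSSExceptionImpl(GSSException.FAILURE, ioe);
        }
    }

    // Verify the MIC token inToken[tOffset, tOffset+tLen) against the
    // message inMsg[mOffset, mOffset+mLen). The outcome is whatever
    // cStub.verifyMic reports; this method itself returns nothing.
    public void verifyMIC(byte[] inToken, int tOffset, int tLen,
                          byte[] inMsg, int mOffset, int mLen,
                          MessageProp msgProp) throws GSSException {
        byte[] token = inToken;
        byte[] msg = inMsg;
        if ((tOffset != 0) || (tLen != inToken.length)) {
            token = new byte[tLen];
            System.arraycopy(inToken, tOffset, token, 0, tLen);
        }
        if ((mOffset != 0) || (mLen != inMsg.length)) {
            msg = new byte[mLen];
            System.arraycopy(inMsg, mOffset, msg, 0, mLen);
        }
        cStub.verifyMic(pContext, token, msg, msgProp);
    }

    public void verifyMIC(InputStream tokStream, InputStream msgStream,
                          MessageProp msgProp) throws GSSException {
        try {
            byte[] msg = new byte[msgStream.available()];
            int mLength = msgStream.read(msg);
            byte[] tok = new byte[tokStream.available()];
            int tLength = tokStream.read(tok);
            verifyMIC(tok, 0, tLength, msg, 0, mLength, msgProp);
        } catch (IOException ioe) {
            throw new GSSExceptionImpl(GSSException.FAILURE, ioe);
        }
    }

    // Export the native context as an interprocess token. The local
    // handle is cleared afterwards, so this object no longer refers to a
    // native context.
    public byte[] export() throws GSSException {
        byte[] result = cStub.exportContext(pContext);
        pContext = 0;
        return result;
    }

    // Set or clear request flags. Only honoured on an initiator before a
    // native context exists (pContext == 0); silently ignored otherwise.
    private void changeFlags(int flagMask, boolean isEnable) {
        if (isInitiator && pContext == 0) {
            if (isEnable) {
                flags |= flagMask;
            } else {
                flags &= ~flagMask;
            }
        }
    }
    public void requestMutualAuth(boolean state) throws GSSException {
        changeFlags(GSS_C_MUTUAL_FLAG, state);
    }
    public void requestReplayDet(boolean state) throws GSSException {
        changeFlags(GSS_C_REPLAY_FLAG, state);
    }
    public void requestSequenceDet(boolean state) throws GSSException {
        changeFlags(GSS_C_SEQUENCE_FLAG, state);
    }
    public void requestCredDeleg(boolean state) throws GSSException {
        changeFlags(GSS_C_DELEG_FLAG, state);
    }
    public void requestAnonymity(boolean state) throws GSSException {
        changeFlags(GSS_C_ANON_FLAG, state);
    }
    public void requestConf(boolean state) throws GSSException {
        changeFlags(GSS_C_CONF_FLAG, state);
    }
    public void requestInteg(boolean state) throws GSSException {
        changeFlags(GSS_C_INTEG_FLAG, state);
    }
    public void requestDelegPolicy(boolean state) throws GSSException {
        // Not supported, ignore
    }
    // Same restriction as changeFlags(): initiator only, before the
    // native context exists
    public void requestLifetime(int lifetime) throws GSSException {
        if (isInitiator && pContext == 0) {
            this.lifetime = lifetime;
        }
    }
    // Ignored once a native context exists
    public void setChannelBinding(ChannelBinding cb) throws GSSException {
        if (pContext == 0) {
            this.cb = cb;
        }
    }

    // True when any bit of flagMask is set in the current flags
    private boolean checkFlags(int flagMask) {
        return ((flags & flagMask) != 0);
    }
    public boolean getCredDelegState() {
        return checkFlags(GSS_C_DELEG_FLAG);
    }
    public boolean getMutualAuthState() {
        return checkFlags(GSS_C_MUTUAL_FLAG);
    }
    public boolean getReplayDetState() {
        return checkFlags(GSS_C_REPLAY_FLAG);
    }
    public boolean getSequenceDetState() {
        return checkFlags(GSS_C_SEQUENCE_FLAG);
    }
    public boolean getAnonymityState() {
        return checkFlags(GSS_C_ANON_FLAG);
    }
    public boolean isTransferable() throws GSSException {
        return checkFlags(GSS_C_TRANS_FLAG);
    }
    public boolean isProtReady() {
        return checkFlags(GSS_C_PROT_READY_FLAG);
    }
    public boolean getConfState() {
        return checkFlags(GSS_C_CONF_FLAG);
    }
    public boolean getIntegState() {
        return checkFlags(GSS_C_INTEG_FLAG);
    }
    // Delegation policy is not supported (see requestDelegPolicy)
    public boolean getDelegPolicyState() {
        return false;
    }
    // Queried from the native context, not taken from the 'lifetime' field
    public int getLifetime() {
        return cStub.getContextTime(pContext);
    }
    public GSSNameSpi getSrcName() throws GSSException {
        return srcName;
    }
    public GSSNameSpi getTargName() throws GSSException {
        return targetName;
    }
    // The mechanism recorded during establishment, when there is one and
    // the context is established; otherwise the mechanism of the stub
    public Oid getMech() throws GSSException {
        if (isEstablished && actualMech != null) {
            return actualMech;
        } else {
            return cStub.getMech();
        }
    }
    // Hands the delegated credential to the caller. After this call
    // dispose() no longer releases it; the caller is responsible.
    public GSSCredentialSpi getDelegCred() throws GSSException {
        disposeDelegatedCred = null;
        return delegatedCred;
    }
    public boolean isInitiator() {
        return isInitiator;
    }

    // Release native resources if the owner never called dispose()
    @SuppressWarnings("deprecation")
    protected void finalize() throws Throwable {
        dispose();
    }

    // No inquire type is supported by this implementation
    public Object inquireSecContext(String type)
            throws GSSException {
        throw new GSSException(GSSException.UNAVAILABLE, -1,
                "Inquire type not supported.");
    }
}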