Package dev.galasa.zossecurity

Class KerberosInitiator

java.lang.Object
dev.galasa.zossecurity.KerberosInitiator
public class KerberosInitiator extends Object
This class represents the initiator of the kerberos security context. It is created with a service, a client and a kdc. Requested properties, such as mutual authentication and confidentiality can then be set before calling create() to create the security context. initiate() will then be called, (and potentially initiate(KerberosToken) if further initiation is required).

  • Constructor Details

  • Method Details

    • isRequestMutualAuth

      public boolean isRequestMutualAuth()
      Returns true if mutual authentication has been requested
      Returns:
      - true if mutual authentication has been requested

    • setRequestMutualAuth

      public void setRequestMutualAuth(boolean requestMutualAuth)
      Set true to request mutual authentication
      Parameters:
      requestMutualAuth -

    • isRequestConf

      public boolean isRequestConf()
      Returns true if confidentiality has been requested
      Returns:
      - true if confidentiality has been requested

    • setRequestConf

      public void setRequestConf(boolean requestConf)
      Set true to request confidentiality
      Parameters:
      requestConf -

    • isRequestCredDeleg

      public boolean isRequestCredDeleg()
      Returns true if credential delegation has been requested
      Returns:
      - true if credential delegation has been requested

    • setRequestCredDeleg

      public void setRequestCredDeleg(boolean requestCredDeleg)
      Set true to request credential delegation
      Parameters:
      requestCredDeleg -

    • isContextEstablished

      public boolean isContextEstablished()
      Return true when the security context has been established
      Returns:
      - true when the security context has been established

    • create

      public void create() throws ZosSecurityManagerException
      Create the security context by logging into the KDC as the client and populating the context from the subject
      Throws:
      ZosSecurityManagerException

    • initiate

      public KerberosToken initiate() throws ZosSecurityManagerException
      Initiate the security context without a token. This is equivalent to initiate(KerberosToken) where the token is null, and is always the first called during initiation
      Returns:
      - a Kerberos token
      Throws:
      ZosSecurityManagerException

    • initiate

      public KerberosToken initiate(KerberosToken inToken) throws ZosSecurityManagerException
      Initiate the security context with a token, or without if inToken is null. Initiate will always first be called without a token, and may be called with a token if the acceptor produces further tokens when accepting the security context. isContextEstablished() can be called to determine whether further tokens are likely to be required to establish the context.
      Parameters:
      inToken -
      Returns:
      - a Kerberos token
      Throws:
      ZosSecurityManagerException

    • unwrap

      public String unwrap(String base64EncodedWrappedMessage) throws ZosSecurityManagerException
      This method accepts and returns base64 encoded messages. It will decode the input, call unwrap(byte[]), encode the result and return it.
      Parameters:
      base64EncodedWrappedMessage -
      Returns:
      - decoded string
      Throws:
      ZosSecurityManagerException

    • unwrap

      public byte[] unwrap(byte[] wrappedMessage) throws ZosSecurityManagerException
      This method will use the context to unwrap a message wrapped on the other side of the context
      Parameters:
      wrappedMessage -
      Returns:
      - decoded bytes
      Throws:
      ZosSecurityManagerException

    • dispose

      public void dispose()
      Dispose of the underlying security context, releasing any associated resources.

    • finalize

      public void finalize()
      Overrides:
      finalize in class Object