//*************************************************************************** // (c) Copyright IBM Corp. 2007 All rights reserved. // // The following sample of source code ("Sample") is owned by International // Business Machines Corporation or one of its subsidiaries ("IBM") and is // copyrighted and licensed, not sold. You may use, copy, modify, and // distribute the Sample in any form without payment to IBM, for the purpose of // assisting you in the development of your applications. // // The Sample code is provided to you on an "AS IS" basis, without warranty of // any kind. IBM HEREBY EXPRESSLY DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR // IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF // MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. Some jurisdictions do // not allow for the exclusion or limitation of implied warranties, so the above // limitations or exclusions may not apply to you. IBM shall not be liable for // any damages you suffer as a result of using, copying, modifying or // distributing the Sample, even if IBM has been advised of the possibility of // such damages. //*************************************************************************** // // SOURCE FILE NAME: JCCSimpleCredential.java // // SAMPLE: This file is used by JCCSimpleGSSPlugin to implement a JCC // GSS-API plugin sample // // None //*************************************************************************** // // For more information on the sample programs, see the README file. // // For information on developing Java applications see the Developing Java Applications book. // // For information on using SQL statements, see the SQL Reference. // // For the latest information on programming, compiling, and running DB2 // applications, visit the DB2 Information Center at // http://publib.boulder.ibm.com/infocenter/db2luw/v9r7/index.jsp //**************************************************************************/ import java.io.InputStream; import java.io.OutputStream; import org.ietf.jgss.*; public class JCCSimpleGSSCredential implements org.ietf.jgss.GSSCredential { private String userid_; private String password_; public JCCSimpleGSSCredential(String uid, String pwd) { userid_ = uid; password_ = pwd; } public String getUserid() { return userid_; } public String getPassword() { return password_; } /** * Releases any sensitive information that the GSSCredential object may * be containing. Applications should call this method as soon as the * credential is no longer needed to minimize the time any sensitive * information is maintained. * * @throws GSSException containing the following * major error codes: * {@link GSSException#FAILURE GSSException.FAILURE} */ public void dispose() throws GSSException //this is equivalent to gss_release_cred { userid_ = null; password_ = null; } /** * Retrieves the name of the entity that the credential asserts. * * @return a GSSName representing the entity * * @throws GSSException containing the following * major error codes: * {@link GSSException#FAILURE GSSException.FAILURE} */ public GSSName getName() throws GSSException { return new JCCSimpleGSSName(userid_); } /** * Retrieves a Mechanism Name of the entity that the credential * asserts. This is equivalent to calling {@link * GSSName#canonicalize(Oid) canonicalize} on the value returned by * the other form of {@link #getName() getName}. * * @param mech the Oid of the mechanism for which the Mechanism Name * should be returned. * @return a GSSName representing the entity canonicalized for the * desired mechanism * * @throws GSSException containing the following * major error codes: * {@link GSSException#BAD_MECH GSSException.BAD_MECH}, * {@link GSSException#FAILURE GSSException.FAILURE} */ public GSSName getName(Oid mech) throws GSSException { throw new JCCSimpleGSSException(0,"getName(Oid mech) method isn't implemented."); } /** * Returns the remaining lifetime in seconds for a credential. The * remaining lifetime is the minimum lifetime amongst all of the underlying * mechanism specific credential elements. * * @return the minimum remaining lifetime in seconds for this * credential. A return value of {@link #INDEFINITE_LIFETIME * INDEFINITE_LIFETIME} indicates that the credential does * not expire. A return value of 0 indicates that the credential is * already expired. * * @see #getRemainingInitLifetime(Oid) * @see #getRemainingAcceptLifetime(Oid) * * @throws GSSException containing the following * major error codes: * {@link GSSException#FAILURE GSSException.FAILURE} */ public int getRemainingLifetime() throws GSSException { return INDEFINITE_LIFETIME; } /** * Returns the lifetime in seconds for the credential to remain capable * of initiating security contexts using the specified mechanism. This * method queries the initiator credential element that belongs to the * specified mechanism. * * @return the number of seconds remaining in the life of this credential * element. A return value of {@link #INDEFINITE_LIFETIME * INDEFINITE_LIFETIME} indicates that the credential element does not * expire. A return value of 0 indicates that the credential element is * already expired. * * @param mech the Oid of the mechanism whose intiator credential element * should be queried. * * @throws GSSException containing the following * major error codes: * {@link GSSException#BAD_MECH GSSException.BAD_MECH}, * {@link GSSException#FAILURE GSSException.FAILURE} */ public int getRemainingInitLifetime(Oid mech) throws GSSException { return INDEFINITE_LIFETIME; } /** * Returns the lifetime in seconds for the credential to remain capable * of accepting security contexts using the specified mechanism. This * method queries the acceptor credential element that belongs to the * specified mechanism. * * @return the number of seconds remaining in the life of this credential * element. A return value of {@link #INDEFINITE_LIFETIME * INDEFINITE_LIFETIME} indicates that the credential element does not * expire. A return value of 0 indicates that the credential element is * already expired. * * @param mech the Oid of the mechanism whose acceptor credential element * should be queried. * * @throws GSSException containing the following * major error codes: * {@link GSSException#BAD_MECH GSSException.BAD_MECH}, * {@link GSSException#FAILURE GSSException.FAILURE} */ public int getRemainingAcceptLifetime(Oid mech) throws GSSException { return INDEFINITE_LIFETIME; } /** * Returns the credential usage mode. In other words, it * tells us if this credential can be used for initiating or accepting * security contexts. It does not tell us which mechanism(s) has to be * used in order to do so. It is expected that an application will allow * the GSS-API to pick a default mechanism after calling this method. * * @return The return value will be one of {@link #INITIATE_ONLY * INITIATE_ONLY}, {@link #ACCEPT_ONLY ACCEPT_ONLY}, and {@link * #INITIATE_AND_ACCEPT INITIATE_AND_ACCEPT}. * * @throws GSSException containing the following * major error codes: * {@link GSSException#FAILURE GSSException.FAILURE} */ public int getUsage() throws GSSException { return INITIATE_AND_ACCEPT; } /** * Returns the credential usage mode for a specific mechanism. In other * words, it tells us if this credential can be used * for initiating or accepting security contexts with a given underlying * mechanism. * * @return The return value will be one of {@link #INITIATE_ONLY * INITIATE_ONLY}, {@link #ACCEPT_ONLY ACCEPT_ONLY}, and {@link * #INITIATE_AND_ACCEPT INITIATE_AND_ACCEPT}. * @param mech the Oid of the mechanism whose credentials usage mode is * to be determined. * * @throws GSSException containing the following * major error codes: * {@link GSSException#BAD_MECH GSSException.BAD_MECH}, * {@link GSSException#FAILURE GSSException.FAILURE} */ public int getUsage(Oid mech) throws GSSException { return INITIATE_AND_ACCEPT; } /** * Returns a list of mechanisms supported by this credential. It does * not tell us which ones can be used to initiate * contexts and which ones can be used to accept contexts. The * application must call the {@link #getUsage(Oid) getUsage} method with * each of the returned Oid's to determine the possible modes of * usage. * * @return an array of Oid's corresponding to the supported mechanisms. * * @throws GSSException containing the following * major error codes: * {@link GSSException#FAILURE GSSException.FAILURE} */ public Oid[] getMechs() throws GSSException { throw new JCCSimpleGSSException(0,"getMechs() is not implemented"); } /** * Adds a mechanism specific credential-element to an existing * credential. This method allows the construction of credentials, one * mechanism at a time.<p> * * This routine is envisioned to be used mainly by context acceptors * during the creation of acceptor credentials which are to be used * with a variety of clients using different security mechanisms.<p> * * This routine adds the new credential element "in-place". To add the * element in a new credential, first call <code>clone</code> to obtain a * copy of this credential, then call its <code>add</code> method.<p> * * As always, GSS-API implementations must impose a local access-control * policy on callers to prevent unauthorized callers from acquiring * credentials to which they are not entitled. * * Non-default values for initLifetime and acceptLifetime cannot always * be honored by the underlying mechanisms, thus callers should be * prepared to call {@link #getRemainingInitLifetime(Oid) * getRemainingInitLifetime} and {@link #getRemainingAcceptLifetime(Oid) * getRemainingAcceptLifetime} on the credential. * * @param name the name of the principal for whom this credential is to * be acquired. Use <code>null</code> to specify the default * principal. * @param initLifetime the number of seconds that the credential element * should remain valid for initiating of security contexts. Use {@link * GSSCredential#INDEFINITE_LIFETIME GSSCredential.INDEFINITE_LIFETIME} * to request that the credentials have the maximum permitted lifetime * for this. Use {@link GSSCredential#DEFAULT_LIFETIME * GSSCredential.DEFAULT_LIFETIME} to request default credential lifetime * for this. * @param acceptLifetime the number of seconds that the credential * element should remain valid for accepting security contexts. Use {@link * GSSCredential#INDEFINITE_LIFETIME GSSCredential.INDEFINITE_LIFETIME} * to request that the credentials have the maximum permitted lifetime * for this. Use {@link GSSCredential#DEFAULT_LIFETIME * GSSCredential.DEFAULT_LIFETIME} to request default credential lifetime * for this. * @param mech the mechanism over which the credential is to be acquired. * @param usage the usage mode that this credential * element should add to the credential. The value * of this parameter must be one of: * {@link #INITIATE_AND_ACCEPT INITIATE_AND_ACCEPT}, * {@link #ACCEPT_ONLY ACCEPT_ONLY}, and * {@link #INITIATE_ONLY INITIATE_ONLY}. * * @throws GSSException containing the following * major error codes: * {@link GSSException#DUPLICATE_ELEMENT * GSSException.DUPLICATE_ELEMENT}, * {@link GSSException#BAD_MECH GSSException.BAD_MECH}, * {@link GSSException#BAD_NAMETYPE GSSException.BAD_NAMETYPE}, * {@link GSSException#NO_CRED GSSException.NO_CRED}, * {@link GSSException#CREDENTIALS_EXPIRED * GSSException.CREDENTIALS_EXPIRED}, * {@link GSSException#FAILURE GSSException.FAILURE} */ public void add(GSSName name, int initLifetime, int acceptLifetime, Oid mech, int usage) throws GSSException { throw new JCCSimpleGSSException(0,"add(GSSName name, int initLifetime, int acceptLifetime,Oid mech, int usage) is not implemented"); } /** * Tests if this GSSCredential asserts the same entity as the supplied * object. The two credentials must be acquired over the same * mechanisms and must refer to the same principal. * * @return <code>true</code> if the two GSSCredentials assert the same * entity; <code>false</code> otherwise. * @param another another GSSCredential for comparison to this one */ public boolean equals(Object another) { if (another instanceof JCCSimpleGSSCredential) return (userid_ == ((JCCSimpleGSSCredential)another).getUserid() && password_ == ((JCCSimpleGSSCredential)another).getPassword()); else return false; } /** * Returns a hashcode value for this GSSCredential. * * @return a hashCode value */ public int hashCode() { //not used by JCC. return 0 return 0; } }