jdk-sandbox: comparison jdk/src/share/classes/sun/security/jgss/spnego/SpNegoContext.java

equal deleted inserted replaced

-:365eb4449319
+:4c792c19266e
 private boolean mutualAuthState = true;
 private boolean replayDetState = true;
 private boolean sequenceDetState = true;
 private boolean confState = true;
 private boolean integState = true;
+private boolean delegPolicyState = false;
 private GSSNameSpi peerName = null;
 private GSSNameSpi myName = null;
 private SpNegoCredElement myCred = null;
 if (state == STATE_NEW && isInitiator())
 integState  = value;
 }
 /**
+* Requests that deleg policy be respected.
+*/
+public final void requestDelegPolicy(boolean value) throws GSSException {
+if (state == STATE_NEW && isInitiator())
+delegPolicyState = value;
+}
+/**
 * Is integrity available?
 */
 public final boolean getIntegState() {
 return integState;
+}
+/**
+* Is deleg policy respected?
+*/
+public final boolean getDelegPolicyState() {
+if (isInitiator() && mechContext != null &&
+mechContext instanceof ExtendedGSSContext &&
+(state == STATE_IN_PROCESS || state == STATE_DONE)) {
+return ((ExtendedGSSContext)mechContext).getDelegPolicyState();
+} else {
+return delegPolicyState;
+}
 }
 /**
 * Requests that credential delegation be done during context
 * establishment.
 /**
 * Is credential delegation enabled?
 */
 public final boolean getCredDelegState() {
-if (mechContext != null &&
+if (isInitiator() && mechContext != null &&
 (state == STATE_IN_PROCESS || state == STATE_DONE)) {
 return mechContext.getCredDelegState();
 } else {
 return credDelegState;
 }
 * perspective, it essentially meas that the server is being
 * authenticated.
 */
 public final boolean getMutualAuthState() {
 return mutualAuthState;
-}
-final void setCredDelegState(boolean state) {
-credDelegState = state;
-}
-final void setMutualAuthState(boolean state) {
-mutualAuthState = state;
-}
-final void setReplayDetState(boolean state) {
-replayDetState = state;
-}
-final void setSequenceDetState(boolean state) {
-sequenceDetState = state;
-}
-final void setConfState(boolean state) {
-confState = state;
-}
-final void setIntegState(boolean state) {
-integState = state;
 }
 /**
 * Returns the mechanism oid.
 *
 new GSSException(GSSException.FAILURE, -1, e.getMessage());
 gssException.initCause(e);
 throw gssException;
 }
+if (state == STATE_DONE) {
+// now set the context flags for acceptor
+setContextFlags();
+}
 return retVal;
 }
 /**
 * obtain the available mechanisms
 if (getIntegState()) out.set(6, true);
 return out;
 }
+// Only called on acceptor side. On the initiator side, most flags
+// are already set at request. For those that might get chanegd,
+// state from mech below is used.
 private void setContextFlags() {
 if (mechContext != null) {
 // default for cred delegation is false
 if (mechContext.getCredDelegState()) {
-setCredDelegState(true);
+credDelegState = true;
 }
 // default for the following are true
 if (!mechContext.getMutualAuthState()) {
-setMutualAuthState(false);
+mutualAuthState = false;
 }
 if (!mechContext.getReplayDetState()) {
-setReplayDetState(false);
+replayDetState = false;
 }
 if (!mechContext.getSequenceDetState()) {
-setSequenceDetState(false);
+sequenceDetState = false;
 }
 if (!mechContext.getIntegState()) {
-setIntegState(false);
+integState = false;
 }
 if (!mechContext.getConfState()) {
-setConfState(false);
+confState = false;
 }
 }
 }
 /**
 mechContext.requestInteg(integState);
 mechContext.requestCredDeleg(credDelegState);
 mechContext.requestMutualAuth(mutualAuthState);
 mechContext.requestReplayDet(replayDetState);
 mechContext.requestSequenceDet(sequenceDetState);
+if (mechContext instanceof ExtendedGSSContext) {
+((ExtendedGSSContext)mechContext).requestDelegPolicy(
+delegPolicyState);
+}
 }
 // pass token
 if (token != null) {
 tok = token;
 } else {
 throw new GSSException(GSSException.BAD_MECH, -1,
 "inquireSecContext not supported by underlying mech.");
 }
 }
 }

changeset 4336	4c792c19266e
parent 3482	4aaa66ce712d
child 4337	2a6d13ebbbed