--- a/jdk/src/share/classes/sun/security/jgss/spnego/SpNegoContext.java Wed Nov 25 08:24:58 2009 -0800
+++ b/jdk/src/share/classes/sun/security/jgss/spnego/SpNegoContext.java Fri Nov 27 08:51:28 2009 +0800
@@ -63,6 +63,7 @@
private boolean sequenceDetState = true;
private boolean confState = true;
private boolean integState = true;
+ private boolean delegPolicyState = false;
private GSSNameSpi peerName = null;
private GSSNameSpi myName = null;
@@ -154,6 +155,14 @@
}
/**
+ * Requests that deleg policy be respected.
+ */
+ public final void requestDelegPolicy(boolean value) throws GSSException {
+ if (state == STATE_NEW && isInitiator())
+ delegPolicyState = value;
+ }
+
+ /**
* Is integrity available?
*/
public final boolean getIntegState() {
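Review bot: `requestDelegPolicy` silently ignores the call when `state` is past `STATE_NEW` or the context is an acceptor, and the Javadoc does not say so. A caller that sets the flag too late gets no signal and may assume the delegation policy is in force when the request was dropped. I would document the precondition, e.g. `Requests that the delegation policy be respected. Ignored unless called on the initiator before context establishment begins.`, and brace the single-statement `if` body. The method declares `throws GSSException` but nothing in the visible body throws it, presumably to match the SPI signature.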
@@ -161,6 +170,19 @@
}
/**
+ * Is deleg policy respected?
+ */
+ public final boolean getDelegPolicyState() {
+ if (isInitiator() && mechContext != null &&
+ mechContext instanceof ExtendedGSSContext &&
+ (state == STATE_IN_PROCESS || state == STATE_DONE)) {
+ return ((ExtendedGSSContext)mechContext).getDelegPolicyState();
+ } else {
+ return delegPolicyState;
+ }
+ }
+
+ /**
* Requests that credential delegation be done during context
* establishment.
*/
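Review bot: When `mechContext` is not an `ExtendedGSSContext`, `getDelegPolicyState()` falls through to `return delegPolicyState;` even in `STATE_IN_PROCESS` or `STATE_DONE`, so it returns the requested value. The hunk at -837,6 +842,10 forwards the request only to an `ExtendedGSSContext`, so such a mechanism never received it. A caller asking whether the delegation policy is respected could then see `true` for a mechanism that cannot honour it. Consider returning `false` once establishment has started and the mechanism lacks the extension, or state in the Javadoc that the value is only the local request in that case. The `mechContext != null &&` test is also redundant before `instanceof`.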
@@ -173,7 +195,7 @@
* Is credential delegation enabled?
*/
public final boolean getCredDelegState() {
- if (mechContext != null &&
+ if (isInitiator() && mechContext != null &&
(state == STATE_IN_PROCESS || state == STATE_DONE)) {
return mechContext.getCredDelegState();
} else {
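Review bot: The new `isInitiator() &&` guard in `getCredDelegState()` has no comment explaining why the acceptor no longer reads the mechanism's value. Judging from the other hunks, the acceptor now relies on `credDelegState` being copied by `setContextFlags()` at `STATE_DONE`, so an acceptor in `STATE_IN_PROCESS` would get the local default rather than the mechanism state. A one-line comment such as `// acceptor: credDelegState is filled in by setContextFlags() once the context is established` would make that intent explicit. The method body continues outside the hunk.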
@@ -201,30 +223,6 @@
return mutualAuthState;
}
- final void setCredDelegState(boolean state) {
- credDelegState = state;
- }
-
- final void setMutualAuthState(boolean state) {
- mutualAuthState = state;
- }
-
- final void setReplayDetState(boolean state) {
- replayDetState = state;
- }
-
- final void setSequenceDetState(boolean state) {
- sequenceDetState = state;
- }
-
- final void setConfState(boolean state) {
- confState = state;
- }
-
- final void setIntegState(boolean state) {
- integState = state;
- }
-
/**
* Returns the mechanism oid.
*
@@ -653,6 +651,10 @@
throw gssException;
}
+ if (state == STATE_DONE) {
+ // now set the context flags for acceptor
+ setContextFlags();
+ }
return retVal;
}
@@ -703,28 +705,31 @@
return out;
}
+ // Only called on acceptor side. On the initiator side, most flags
+ // are already set at request. For those that might get chanegd,
+ // state from mech below is used.
private void setContextFlags() {
if (mechContext != null) {
// default for cred delegation is false
if (mechContext.getCredDelegState()) {
- setCredDelegState(true);
+ credDelegState = true;
}
// default for the following are true
if (!mechContext.getMutualAuthState()) {
- setMutualAuthState(false);
+ mutualAuthState = false;
}
if (!mechContext.getReplayDetState()) {
- setReplayDetState(false);
+ replayDetState = false;
}
if (!mechContext.getSequenceDetState()) {
- setSequenceDetState(false);
+ sequenceDetState = false;
}
if (!mechContext.getIntegState()) {
- setIntegState(false);
+ integState = false;
}
if (!mechContext.getConfState()) {
- setConfState(false);
+ confState = false;
}
}
}
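Review bot: The comment added above `setContextFlags()` misspells "changed" as `chanegd`, and "state from mech below is used" is hard to parse. Wording such as `// Only called on the acceptor side. On the initiator side most flags are set at request time; for those that may change, the getters read the underlying mechanism's state.` would read more clearly. As far as the visible hunks show, the acceptor-only contract is upheld only by the call site guarded with `state == STATE_DONE` in the -653,6 +651,10 hunk, so this comment is the main record of that assumption and should be accurate.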
@@ -837,6 +842,10 @@
mechContext.requestMutualAuth(mutualAuthState);
mechContext.requestReplayDet(replayDetState);
mechContext.requestSequenceDet(sequenceDetState);
+ if (mechContext instanceof ExtendedGSSContext) {
+ ((ExtendedGSSContext)mechContext).requestDelegPolicy(
+ delegPolicyState);
+ }
}
// pass token
@@ -1202,5 +1211,5 @@
"inquireSecContext not supported by underlying mech.");
}
}
+}
-}