2 // Novell.Directory.Ldap.Security.CreateContextPrivilegedAction.cs
5 // Boris Kirzner <borsk@mainsoft.com>
6 // Konstantin Triger <kostat@mainsoft.com>
8 // (C) 2005 Mainsoft Corporation (http://www.mainsoft.com)
12 // Permission is hereby granted, free of charge, to any person obtaining
13 // a copy of this software and associated documentation files (the
14 // "Software"), to deal in the Software without restriction, including
15 // without limitation the rights to use, copy, modify, merge, publish,
16 // distribute, sublicense, and/or sell copies of the Software, and to
17 // permit persons to whom the Software is furnished to do so, subject to
18 // the following conditions:
20 // The above copyright notice and this permission notice shall be
21 // included in all copies or substantial portions of the Software.
23 // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
24 // EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
25 // MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
26 // NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
27 // LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
28 // OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
29 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
34 using java.security;
\r
35 using org.ietf.jgss;
\r
37 namespace Novell.Directory.Ldap.Security
\r
39 internal class CreateContextPrivilegedAction : PrivilegedAction
\r
43 private readonly bool _encryption;
\r
44 private readonly bool _signing;
\r
45 private readonly bool _delegation;
\r
46 private readonly string _name;
\r
47 private readonly string _clientName;
\r
48 private readonly string _mech;
\r
52 #region Constructors
\r
54 public CreateContextPrivilegedAction(string name, string clientName, string mech, bool encryption, bool signing, bool delegation)
\r
57 _clientName = clientName;
\r
59 _encryption = encryption;
\r
61 _delegation = delegation;
\r
64 #endregion // Constructors
\r
71 Oid krb5Oid = new Oid (_mech);
\r
72 GSSManager manager = GSSManager.getInstance ();
\r
73 GSSName clientName =
\r
74 manager.createName(_clientName, GSSName__Finals.NT_USER_NAME);
\r
75 GSSCredential clientCreds =
\r
76 manager.createCredential(clientName,
\r
77 GSSContext__Finals.INDEFINITE_LIFETIME,
\r
79 GSSCredential__Finals.INITIATE_ONLY);
\r
82 GSSName serverName = manager.createName (_name, GSSName__Finals.NT_HOSTBASED_SERVICE, krb5Oid);
\r
83 GSSContext context = manager.createContext (serverName, krb5Oid, clientCreds, GSSContext__Finals.INDEFINITE_LIFETIME);
\r
85 context.requestMutualAuth(true);
\r
86 context.requestConf (_encryption);
\r
87 if (!_encryption || _signing)
\r
88 context.requestInteg (!_encryption || _signing);
\r
89 context.requestCredDeleg (_delegation);
\r
94 // // Calling this throws GSSException: Operation unavailable...
\r
95 // clientCreds.dispose();
\r
98 catch (GSSException e) {
\r
99 throw new PrivilegedActionException (e);
\r
103 #endregion // Methods
\r