airavata-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ramin...@apache.org
Subject [3/9] airavata git commit: Fixed the disribution and tested the SSH protocol communication to different machines. AIRAVATA-1585 AIRAVATA-1595
Date Wed, 25 Feb 2015 03:29:19 GMT
http://git-wip-us.apache.org/repos/asf/airavata/blob/9a6eaaae/tools/gsissh/src/main/java/edu/illinois/ncsa/BCGSS/BCGSSContextImpl.java
----------------------------------------------------------------------
diff --git a/tools/gsissh/src/main/java/edu/illinois/ncsa/BCGSS/BCGSSContextImpl.java b/tools/gsissh/src/main/java/edu/illinois/ncsa/BCGSS/BCGSSContextImpl.java
index 66b26b1..be8478f 100644
--- a/tools/gsissh/src/main/java/edu/illinois/ncsa/BCGSS/BCGSSContextImpl.java
+++ b/tools/gsissh/src/main/java/edu/illinois/ncsa/BCGSS/BCGSSContextImpl.java
@@ -1,1447 +1,1447 @@
-/*
- *
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *   http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-
-package edu.illinois.ncsa.BCGSS;
-
-import org.bouncycastle.jce.provider.X509CertificateObject;
-import org.globus.gsi.*;
-import org.globus.gsi.bc.*;
-import org.globus.gsi.gssapi.*;
-import org.globus.gsi.util.*;
-import org.gridforum.jgss.*;
-import org.ietf.jgss.*;
-import org.ietf.jgss.Oid;
-import sun.reflect.generics.reflectiveObjects.NotImplementedException;
-
-import java.io.*;
-import java.security.*;
-import java.security.cert.*;
-import java.security.cert.Certificate;
-import java.util.*;
-
-public class BCGSSContextImpl implements ExtendedGSSContext {
-    /**
-     * Used to distinguish between a token created by
-     * <code>wrap</code> with {@link GSSConstants#GSI_BIG
-     * GSSConstants.GSI_BIG}
-     * QoP and a regular token created by <code>wrap</code>.
-     */
-    public static final int GSI_WRAP = 26;
-    /**
-     * SSL3_RT_GSSAPI_OPENSSL
-     */
-
-    private static final int GSI_SEQUENCE_SIZE = 8;
-
-    private static final int GSI_MESSAGE_DIGEST_PADDING = 12;
-
-    private static final byte[] SSLHANDSHAKE_PAD_1 = {0x36};
-
-    private static final String[] NO_ENCRYPTION = {"SSL_RSA_WITH_NULL_MD5"};
-
-    private static final String[] ENABLED_PROTOCOLS = {"TLSv1", "SSLv3"};
-
-    private static final byte[] DELEGATION_TOKEN =
-            new byte[]{GSIConstants.DELEGATION_CHAR};
-
-    /**
-     * Handshake state
-     */
-    protected int state = HANDSHAKE;
-
-    /* handshake states */
-    private static final int
-            HANDSHAKE = 0,
-            CLIENT_START_DEL = 2,
-            CLIENT_END_DEL = 3,
-            SERVER_START_DEL = 4,
-            SERVER_END_DEL = 5;
-
-    /**
-     * Delegation state
-     */
-    protected int delegationState = DELEGATION_START;
-
-    /* delegation states */
-    private static final int
-            DELEGATION_START = 0,
-            DELEGATION_SIGN_CERT = 1,
-            DELEGATION_COMPLETE_CRED = 2;
-
-    /**
-     * Delegation finished indicator
-     */
-    protected boolean delegationFinished = false;
-
-    // gss context state variables
-    protected boolean credentialDelegation = false;
-    protected boolean anonymity = false;
-    protected boolean encryption = false;
-    protected boolean established = false;
-
-    /**
-     * The name of the context initiator
-     */
-    protected GSSName sourceName = null;
-
-    /**
-     * The name of the context acceptor
-     */
-    protected GSSName targetName = null;
-
-    // these can be set via setOption
-    protected GSIConstants.DelegationType delegationType =
-            GSIConstants.DelegationType.LIMITED;
-    protected Integer gssMode = GSIConstants.MODE_GSI;
-    protected Boolean checkContextExpiration = Boolean.FALSE;
-    protected Boolean rejectLimitedProxy = Boolean.FALSE;
-    protected Boolean requireClientAuth = Boolean.TRUE;
-    protected Boolean acceptNoClientCerts = Boolean.FALSE;
-    protected Boolean requireAuthzWithDelegation = Boolean.TRUE;
-
-    // *** implementation-specific variables ***
-
-    /**
-     * Credential of this context. Might be anonymous
-     */
-    protected GlobusGSSCredentialImpl ctxCred;
-
-    /**
-     * Expected target name. Used for authorization in initiator
-     */
-    protected GSSName expectedTargetName = null;
-
-    /**
-     * Context expiration date.
-     */
-    protected Date goodUntil = null;
-
-    protected boolean conn = false;
-
-    protected BouncyCastleCertProcessingFactory certFactory;
-
-    protected Map proxyPolicyHandlers;
-
-    /**
-     * Limited peer credentials
-     */
-    protected Boolean peerLimited = null;
-
-    private TlsHandlerUtil tlsHU = null;
-    private GlobusTlsClient tlsClient = null;
-    private GlobusTlsCipherFactory cipherFactory = null;
-
-    /**
-     *
-     * @param target
-     * @param cred
-     * @throws org.ietf.jgss.GSSException
-     */
-    public BCGSSContextImpl(GSSName target, GlobusGSSCredentialImpl cred)
-            throws GSSException {
-        if (cred == null) {
-            throw new GSSException(GSSException.NO_CRED);
-        }
-
-        this.expectedTargetName = target;
-        this.ctxCred = cred;
-    }
-
-    /**
-     *
-     * @throws org.globus.gsi.gssapi.GlobusGSSException
-     */
-    private void init() throws GlobusGSSException {
-        this.certFactory = BouncyCastleCertProcessingFactory.getDefault();
-        this.state = HANDSHAKE;
-
-
-        try {
-            this.cipherFactory = new GlobusTlsCipherFactory();
-            this.tlsClient =
-                    new GlobusTlsClient(this.ctxCred.getX509Credential(),
-                                        this.cipherFactory);
-        } catch (Exception e) {
-            throw new GlobusGSSException(GSSException.FAILURE, e);
-        }
-
-        // TODO: set enabled cipher suites in client?
-        // TODO: enable null encryption ciphers on user request?
-
-        /*
-       TlsProtocolVersion[] tlsVersion =
-            new TlsProtocolVersion[] {TlsProtocolVersion.TLSv10,
-                                      TlsProtocolVersion.SSLv3};
-                                      */
-            //new TlsProtocolVersion[] {TlsProtocolVersion.TLSv10};
-            //new TlsProtocolVersion[] {TlsProtocolVersion.SSLv3};
-
-       //this.tlsHU = new TlsHandlerUtil(this.tlsClient, tlsVersion);
-        this.tlsHU = new TlsHandlerUtil(this.tlsClient);
-    }
-
-    /**
-     *
-     * @param cert
-     * @return
-     * @throws GSSException
-     */
-    private X509Certificate bcConvert(X509Certificate cert)
-            throws GSSException {
-        if (!(cert instanceof X509CertificateObject)) {
-            try {
-                return CertificateLoadUtil.loadCertificate(new ByteArrayInputStream(cert.getEncoded()));
-            } catch (Exception e) {
-                throw new GlobusGSSException(GSSException.FAILURE, e);
-            }
-        } else {
-            return cert;
-        }
-    }
-
-    private void handshakeFinished()
-            throws IOException {
-        //TODO: enable encryption depending on cipher suite decided in handshake
-        this.encryption = true;
-        //System.out.println("encryption alg: " + cs);
-    }
-
-    /**
-     *
-     */
-    private void setDone() {
-        this.established = true;
-    }
-
-    /**
-     *
-     * @param date
-     */
-    private void setGoodUntil(Date date) {
-        if (this.goodUntil == null) {
-            this.goodUntil = date;
-        } else if (date.before(this.goodUntil)) {
-            this.goodUntil = date;
-        }
-    }
-
-    /**
-     *
-     * @throws GSSException
-     */
-    protected void checkContext()
-            throws GSSException {
-        if (!this.conn || !isEstablished()) {
-            throw new GSSException(GSSException.NO_CONTEXT);
-        }
-
-        if (this.checkContextExpiration && getLifetime() <= 0) {
-            throw new GSSException(GSSException.CONTEXT_EXPIRED);
-        }
-    }
-
-    /**
-     *
-     * @param value
-     * @throws GSSException
-     */
-    protected void setGssMode(Object value)
-            throws GSSException {
-        if (!(value instanceof Integer)) {
-            throw new GlobusGSSException(GSSException.FAILURE,
-                    GlobusGSSException.BAD_OPTION_TYPE,
-                    "badType",
-                    new Object[]{"GSS mode", Integer.class});
-        }
-        Integer v = (Integer) value;
-        if (v.equals(GSIConstants.MODE_GSI) ||
-                v.equals(GSIConstants.MODE_SSL)) {
-            this.gssMode = v;
-        } else {
-            throw new GlobusGSSException(GSSException.FAILURE,
-                    GlobusGSSException.BAD_OPTION,
-                    "badGssMode");
-        }
-    }
-
-    /**
-     *
-     * @param value
-     * @throws GSSException
-     */
-    protected void setDelegationType(Object value)
-            throws GSSException {
-        GSIConstants.DelegationType v;
-        if (value instanceof GSIConstants.DelegationType)
-            v = (GSIConstants.DelegationType) value;
-        else if (value instanceof Integer) {
-            v = GSIConstants.DelegationType.get(((Integer) value).intValue());
-        } else {
-            throw new GlobusGSSException(GSSException.FAILURE,
-                    GlobusGSSException.BAD_OPTION_TYPE,
-                    "badType",
-                    new Object[]{"delegation type",
-                            GSIConstants.DelegationType.class});
-        }
-        if (v == GSIConstants.DelegationType.FULL ||
-                v == GSIConstants.DelegationType.LIMITED) {
-            this.delegationType = v;
-        } else {
-            throw new GlobusGSSException(GSSException.FAILURE,
-                    GlobusGSSException.BAD_OPTION,
-                    "badDelegType");
-        }
-    }
-
-    /**
-     *
-     * @param value
-     * @throws GSSException
-     */
-    protected void setCheckContextExpired(Object value)
-            throws GSSException {
-        if (!(value instanceof Boolean)) {
-            throw new GlobusGSSException(GSSException.FAILURE,
-                    GlobusGSSException.BAD_OPTION_TYPE,
-                    "badType",
-                    new Object[]{"check context expired", Boolean.class});
-        }
-        this.checkContextExpiration = (Boolean) value;
-    }
-
-    /**
-     *
-     * @param value
-     * @throws GSSException
-     */
-    protected void setRejectLimitedProxy(Object value)
-            throws GSSException {
-        if (!(value instanceof Boolean)) {
-            throw new GlobusGSSException(GSSException.FAILURE,
-                    GlobusGSSException.BAD_OPTION_TYPE,
-                    "badType",
-                    new Object[]{"reject limited proxy", Boolean.class});
-        }
-        this.rejectLimitedProxy = (Boolean) value;
-    }
-
-    /**
-     *
-     * @param value
-     * @throws GSSException
-     */
-    protected void setRequireClientAuth(Object value)
-            throws GSSException {
-        if (!(value instanceof Boolean)) {
-            throw new GlobusGSSException(GSSException.FAILURE,
-                    GlobusGSSException.BAD_OPTION_TYPE,
-                    "badType",
-                    new Object[]{"require client auth", Boolean.class});
-        }
-        this.requireClientAuth = (Boolean) value;
-    }
-
-    /**
-     *
-     * @param value
-     * @throws GSSException
-     */
-    protected void setRequireAuthzWithDelegation(Object value)
-            throws GSSException {
-
-        if (!(value instanceof Boolean)) {
-            throw new GlobusGSSException(GSSException.FAILURE,
-                    GlobusGSSException.BAD_OPTION_TYPE,
-                    "badType",
-                    new Object[]{"require authz with delehation",
-                            Boolean.class});
-        }
-        this.requireAuthzWithDelegation = (Boolean) value;
-    }
-
-    /**
-     *
-     * @param value
-     * @throws GSSException
-     */
-    protected void setAcceptNoClientCerts(Object value)
-            throws GSSException {
-        if (!(value instanceof Boolean)) {
-            throw new GlobusGSSException(GSSException.FAILURE,
-                    GlobusGSSException.BAD_OPTION_TYPE,
-                    "badType",
-                    new Object[]{"accept no client certs", Boolean.class});
-        }
-        this.acceptNoClientCerts = (Boolean) value;
-    }
-
-    /**
-     *
-     * @param value
-     * @throws GSSException
-     */
-    protected void setProxyPolicyHandlers(Object value)
-            throws GSSException {
-        if (!(value instanceof Map)) {
-            throw new GlobusGSSException(GSSException.FAILURE,
-                    GlobusGSSException.BAD_OPTION_TYPE,
-                    "badType",
-                    new Object[]{"Proxy policy handlers",
-                            Map.class});
-        }
-        this.proxyPolicyHandlers = (Map) value;
-    }
-
-    /////////////////////////////////////////////////////////////////////
-    /////////////////////////////////////////////////////////////////////
-    /////////////////////////////////////////////////////////////////////
-
-    // Methods below are part of the (Extended)GSSContext implementation
-
-    /////////////////////////////////////////////////////////////////////
-    /////////////////////////////////////////////////////////////////////
-    /////////////////////////////////////////////////////////////////////
-
-    /**
-     *
-     * @param option
-     *        option type.
-     * @param value
-     *        option value.
-     * @throws GSSException
-     */
-    public void setOption(Oid option, Object value) throws GSSException {
-        if (option == null) {
-            throw new GlobusGSSException(GSSException.FAILURE,
-                    GlobusGSSException.BAD_ARGUMENT,
-                    "nullOption");
-        }
-        if (value == null) {
-            throw new GlobusGSSException(GSSException.FAILURE,
-                    GlobusGSSException.BAD_ARGUMENT,
-                    "nullOptionValue");
-        }
-
-        if (option.equals(GSSConstants.GSS_MODE)) {
-            setGssMode(value);
-        } else if (option.equals(GSSConstants.DELEGATION_TYPE)) {
-            setDelegationType(value);
-        } else if (option.equals(GSSConstants.CHECK_CONTEXT_EXPIRATION)) {
-            setCheckContextExpired(value);
-        } else if (option.equals(GSSConstants.REJECT_LIMITED_PROXY)) {
-            setRejectLimitedProxy(value);
-        } else if (option.equals(GSSConstants.REQUIRE_CLIENT_AUTH)) {
-            setRequireClientAuth(value);
-        } else if (option.equals(GSSConstants.TRUSTED_CERTIFICATES)) {
-            // setTrustedCertificates(value);
-            throw new GSSException(GSSException.UNAVAILABLE);
-        } else if (option.equals(GSSConstants.PROXY_POLICY_HANDLERS)) {
-            setProxyPolicyHandlers(value);
-        } else if (option.equals(GSSConstants.ACCEPT_NO_CLIENT_CERTS)) {
-            setAcceptNoClientCerts(value);
-        } else if (option.equals(GSSConstants
-                .AUTHZ_REQUIRED_WITH_DELEGATION)) {
-            setRequireAuthzWithDelegation(value);
-        } else {
-            throw new GlobusGSSException(GSSException.FAILURE,
-                    GlobusGSSException.UNKNOWN_OPTION,
-                    "unknownOption",
-                    new Object[]{option});
-        }
-    }
-
-    /**
-     *
-     * @param option
-     * @return
-     * @throws GSSException
-     */
-    public Object getOption(Oid option) throws GSSException {
-        if (option == null) {
-            throw new GlobusGSSException(GSSException.FAILURE,
-                    GlobusGSSException.BAD_ARGUMENT,
-                    "nullOption");
-        }
-
-        if (option.equals(GSSConstants.GSS_MODE)) {
-            return this.gssMode;
-        } else if (option.equals(GSSConstants.DELEGATION_TYPE)) {
-            return this.delegationType;
-        } else if (option.equals(GSSConstants.CHECK_CONTEXT_EXPIRATION)) {
-            return this.checkContextExpiration;
-        } else if (option.equals(GSSConstants.REJECT_LIMITED_PROXY)) {
-            return this.rejectLimitedProxy;
-        } else if (option.equals(GSSConstants.REQUIRE_CLIENT_AUTH)) {
-            return this.requireClientAuth;
-        } else if (option.equals(GSSConstants.TRUSTED_CERTIFICATES)) {
-            // return this.tc;
-            throw new GSSException(GSSException.UNAVAILABLE);
-        } else if (option.equals(GSSConstants.PROXY_POLICY_HANDLERS)) {
-            // return this.proxyPolicyHandlers;
-            throw new GSSException(GSSException.UNAVAILABLE);
-        } else if (option.equals(GSSConstants.ACCEPT_NO_CLIENT_CERTS)) {
-            return this.acceptNoClientCerts;
-        }
-
-        return null;
-    }
-
-    /**
-     * Initiate the delegation of a credential.
-     *
-     * This function drives the initiating side of the credential
-     * delegation process. It is expected to be called in tandem with the
-     * {@link #acceptDelegation(int, byte[], int, int) acceptDelegation}
-     * function.
-     * <BR>
-     * The behavior of this function can be modified by
-     * {@link GSSConstants#DELEGATION_TYPE GSSConstants.DELEGATION_TYPE}
-     * and
-     * {@link GSSConstants#GSS_MODE GSSConstants.GSS_MODE} context
-     * options.
-     * The {@link GSSConstants#DELEGATION_TYPE GSSConstants.DELEGATION_TYPE}
-     * option controls delegation type to be performed. The
-     * {@link GSSConstants#GSS_MODE GSSConstants.GSS_MODE}
-     * option if set to
-     * {@link org.globus.gsi.GSIConstants#MODE_SSL GSIConstants.MODE_SSL}
-     * results in tokens that are not wrapped.
-     *
-     * @param credential
-     *        The credential to be delegated. May be null
-     *        in which case the credential associated with the security
-     *        context is used.
-     * @param mechanism
-     *        The desired security mechanism. May be null.
-     * @param lifetime
-     *        The requested period of validity (seconds) of the delegated
-     *        credential.
-     * @return A token that should be passed to <code>acceptDelegation</code> if
-     *         <code>isDelegationFinished</code> returns false. May be null.
-     * @exception GSSException containing the following major error codes:
-     *            <code>GSSException.FAILURE</code>
-     */
-    public byte[] initDelegation(GSSCredential credential, Oid mechanism,
-                                 int lifetime, byte[] buf, int off, int len)
-            throws GSSException {
-        //TODO: implement this
-        return new byte[0];
-    }
-
-    /*
-     *  acceptDelegation unimplemented
-     */
-    public byte[] acceptDelegation(int i, byte[] bytes, int i1, int i2)
-            throws GSSException {
-        throw new GSSException(GSSException.UNAVAILABLE);
-    }
-
-    /*
-        getDelegatedCredential unimplemented (would be set by acceptDelegation)
-     */
-    public GSSCredential getDelegatedCredential() {
-        return null;
-    }
-
-    /**
-     *
-     * @return
-     */
-    public boolean isDelegationFinished() {
-        return this.delegationFinished;
-    }
-
-    /**
-     * Retrieves arbitrary data about this context.
-     * Currently supported oid: <UL>
-     * <LI>
-     * {@link GSSConstants#X509_CERT_CHAIN GSSConstants.X509_CERT_CHAIN}
-     * returns certificate chain of the peer (<code>X509Certificate[]</code>).
-     * </LI>
-     * </UL>
-     *
-     * @param oid the oid of the information desired.
-     * @return the information desired. Might be null.
-     * @exception GSSException containing the following major error codes:
-     *            <code>GSSException.FAILURE</code>
-     */
-    public Object inquireByOid(Oid oid) throws GSSException {
-        if (oid == null) {
-            throw new GlobusGSSException(GSSException.FAILURE,
-                    GlobusGSSException.BAD_ARGUMENT,
-                    "nullOption");
-        }
-
-        if (oid.equals(GSSConstants.X509_CERT_CHAIN)) {
-            if (isEstablished()) {
-                // converting certs is slower but keeping converted certs
-                // takes lots of memory.
-                try {
-                    Certificate[] peerCerts;
-                    //TODO:  used to get this from
-                    //  SSLEngine.getSession().getPeerCertificates()
-                    peerCerts = null;
-                    if (peerCerts != null && peerCerts.length > 0) {
-                        return (X509Certificate[]) peerCerts;
-                    } else {
-                        return null;
-                    }
-                } catch (Exception e) {
-                    throw new GlobusGSSException(
-                            GSSException.DEFECTIVE_CREDENTIAL,
-                            e
-                    );
-                }
-            }
-        } else if (oid.equals(GSSConstants.RECEIVED_LIMITED_PROXY)) {
-            return this.peerLimited;
-        }
-
-        return null;
-    }
-
-    public void setBannedCiphers(String[] strings) {
-        //To change body of implemented methods use File | Settings | File Templates.
-        throw new NotImplementedException();
-    }
-
-    /**
-     * This function drives the initiating side of the context establishment
-     * process. It is expected to be called in tandem with the
-     * {@link #acceptSecContext(byte[], int, int) acceptSecContext} function.
-     * <BR>
-     * The behavior of context establishment process can be modified by
-     * {@link GSSConstants#GSS_MODE GSSConstants.GSS_MODE},
-     * {@link GSSConstants#DELEGATION_TYPE GSSConstants.DELEGATION_TYPE}, and
-     * {@link GSSConstants#REJECT_LIMITED_PROXY GSSConstants.REJECT_LIMITED_PROXY}
-     * context options. If the {@link GSSConstants#GSS_MODE GSSConstants.GSS_MODE}
-     * option is set to
-     * {@link org.globus.gsi.GSIConstants#MODE_SSL GSIConstants.MODE_SSL}
-     * the context establishment process will be compatible with regular SSL
-     * (no credential delegation support). If the option is set to
-     * {@link org.globus.gsi.GSIConstants#MODE_GSI GSIConstants.GSS_MODE_GSI}
-     * credential delegation during context establishment process will performed.
-     * The delegation type to be performed can be set using the
-     * {@link GSSConstants#DELEGATION_TYPE GSSConstants.DELEGATION_TYPE}
-     * context option. If the {@link GSSConstants#REJECT_LIMITED_PROXY
-     * GSSConstants.REJECT_LIMITED_PROXY} option is enabled,
-     * a peer presenting limited proxy credential will be automatically
-     * rejected and the context establishment process will be aborted.
-     *
-     * @return a byte[] containing the token to be sent to the peer.
-     *         null indicates that no token is generated (needs more data).
-     */
-    public byte[] initSecContext(byte[] inBuff, int off, int len)
-            throws GSSException {
-
-        if (!this.conn) {
-            //System.out.println("enter initializing in initSecContext");
-            if (this.credentialDelegation) {
-                if (this.gssMode.equals(GSIConstants.MODE_SSL)) {
-                    throw new GlobusGSSException(GSSException.FAILURE,
-                            GlobusGSSException.BAD_ARGUMENT,
-                            "initCtx00");
-                }
-                if (this.anonymity) {
-                    throw new GlobusGSSException(GSSException.FAILURE,
-                            GlobusGSSException.BAD_ARGUMENT,
-                            "initCtx01");
-                }
-            }
-
-            if (this.anonymity || this.ctxCred.getName().isAnonymous()) {
-                this.anonymity = true;
-            } else {
-                this.anonymity = false;
-
-                if (ctxCred.getUsage() != GSSCredential.INITIATE_ONLY &&
-                    ctxCred.getUsage() != GSSCredential.INITIATE_AND_ACCEPT) {
-                    throw new GlobusGSSException(
-                            GSSException.DEFECTIVE_CREDENTIAL,
-                            GlobusGSSException.UNKNOWN,
-                            "badCredUsage");
-                }
-            }
-
-            init();
-
-            this.conn = true;
-        }
-
-        // Unless explicitly disabled, check if delegation is
-        // requested and expected target is null
-        if (!Boolean.FALSE.equals(this.requireAuthzWithDelegation)) {
-
-            if (this.expectedTargetName == null &&
-                    this.credentialDelegation) {
-                throw new GlobusGSSException(GSSException.FAILURE,
-                        GlobusGSSException.BAD_ARGUMENT,
-                        "initCtx02");
-            }
-        }
-
-        byte[] returnToken = null;
-
-        switch (state) {
-            case HANDSHAKE:
-                try {
-                    returnToken = this.tlsHU.nextHandshakeToken(inBuff);
-
-                    if (this.tlsHU.isHandshakeFinished()) {
-                        //System.out.println("initSecContext handshake finished");
-                        handshakeFinished(); // just enable encryption
-
-                        Certificate[] chain = this.tlsClient.getPeerCerts();
-                        if (!(chain instanceof X509Certificate[])) {
-                            throw new Exception(
-                               "Certificate chain not of type X509Certificate");
-                        }
-
-                        for (X509Certificate cert : (X509Certificate[]) chain) {
-                            setGoodUntil(cert.getNotAfter());
-                        }
-
-                        String identity = BouncyCastleUtil.getIdentity(
-                                bcConvert(
-                                        BouncyCastleUtil.getIdentityCertificate(
-                                                (X509Certificate[]) chain)));
-                        this.targetName =
-                                new GlobusGSSName(CertificateUtil.toGlobusID(
-                                        identity, false));
-
-                        this.peerLimited = ProxyCertificateUtil.isLimitedProxy(
-                                BouncyCastleUtil.getCertificateType(
-                                        (X509Certificate) chain[0]));
-
-                        // initiator
-                        if (this.anonymity) {
-                            this.sourceName = new GlobusGSSName();
-                        } else {
-                            for (X509Certificate cert :
-                                    ctxCred.getCertificateChain()) {
-                                setGoodUntil(cert.getNotAfter());
-                            }
-                            this.sourceName = this.ctxCred.getName();
-                        }
-
-                        // mutual authentication test
-                        if (this.expectedTargetName != null &&
-                           !this.expectedTargetName.equals(this.targetName)) {
-                            throw new GlobusGSSException(
-                                    GSSException.UNAUTHORIZED,
-                                    GlobusGSSException.BAD_NAME,
-                                    "authFailed00",
-                                    new Object[]{this.expectedTargetName,
-                                            this.targetName});
-                        }
-
-                        if (this.gssMode.equals(GSIConstants.MODE_GSI)) {
-                            this.state = CLIENT_START_DEL;
-                            // if there is a token to return then break
-                            // otherwise we fall through to delegation
-                            if (returnToken != null && returnToken.length > 0) {
-                                break;
-                            }
-                        } else {
-                            setDone();
-                            break;
-                        }
-
-                    } else { // handshake not complete yet
-                        break;
-                    }
-                } catch (IOException e) {
-                    throw new GlobusGSSException(GSSException.FAILURE, e);
-                } catch (Exception e) {
-                    throw new GlobusGSSException(GSSException.FAILURE, e);
-                }
-
-            case CLIENT_START_DEL:
-
-                // sanity check - might be invalid state
-                if (this.state != CLIENT_START_DEL ||
-                        (returnToken != null && returnToken.length > 0) ) {
-                    throw new GSSException(GSSException.FAILURE);
-                }
-
-                try {
-                    String deleg;
-
-                    if (getCredDelegState()) {
-                        deleg = Character.toString(
-                                GSIConstants.DELEGATION_CHAR);
-                        this.state = CLIENT_END_DEL;
-                    } else {
-                        deleg = Character.toString('0');
-                        setDone();
-                    }
-
-                    // TODO: Force ASCII encoding?
-                    byte[] a = deleg.getBytes();
-                    // SSL wrap the delegation token
-                    returnToken = this.tlsHU.wrap(a);
-                } catch (Exception e) {
-                    throw new GlobusGSSException(GSSException.FAILURE, e);
-                }
-
-                break;
-
-            case CLIENT_END_DEL:
-
-                if (inBuff == null || inBuff.length == 0) {
-                    throw new GSSException(GSSException.DEFECTIVE_TOKEN);
-                }
-
-                try {
-                    // SSL unwrap the token on the inBuff (it's a CSR)
-                    byte[] certReq = this.tlsHU.unwrap(inBuff);
-
-                    if (certReq.length == 0) break;
-
-                    X509Certificate[] chain =
-                            this.ctxCred.getCertificateChain();
-
-                    X509Certificate cert = this.certFactory.createCertificate(
-                            new ByteArrayInputStream(certReq),
-                            chain[0],
-                            this.ctxCred.getPrivateKey(),
-                            -1,
-                            BouncyCastleCertProcessingFactory.decideProxyType(
-                                    chain[0], this.delegationType));
-
-                    byte[] enc = cert.getEncoded();
-                    // SSL wrap the encoded cert and return that buffer
-                    returnToken = this.tlsHU.wrap(enc);
-                    setDone();
-                } catch (GeneralSecurityException e) {
-                    throw new GlobusGSSException(GSSException.FAILURE, e);
-                } catch (IOException e) {
-                    throw new GlobusGSSException(GSSException.FAILURE, e);
-                }
-
-                break;
-
-            default:
-                throw new GSSException(GSSException.FAILURE);
-        }
-
-        //TODO: Why is there a check for CLIENT_START_DEL?
-        if (returnToken != null && returnToken.length > 0 ||
-            this.state == CLIENT_START_DEL) {
-            return returnToken;
-        } else
-            return null;
-    }
-
-    /**
-     * It works just like
-     * {@link #initSecContext(byte[], int, int) initSecContext} method.
-     * It reads one SSL token from input stream, calls
-     * {@link #initSecContext(byte[], int, int) acceptSecContext} method and
-     * writes the output token to the output stream (if any)
-     * SSL token is not read on the initial call.
-     */
-    public int initSecContext(InputStream in, OutputStream out)
-            throws GSSException {
-        byte[] inToken = null;
-        try {
-            if (!this.conn) {
-                inToken = new byte[0];
-            } else {
-                inToken = SSLUtil.readSslMessage(in);
-            }
-            byte[] outToken = initSecContext(inToken, 0, inToken.length);
-            if (outToken != null) {
-                out.write(outToken);
-                return outToken.length;
-            } else {
-                return 0;
-            }
-        } catch (IOException e) {
-            throw new GlobusGSSException(GSSException.FAILURE, e);
-        }
-    }
-
-    /*
-        acceptSecContext not implemented
-     */
-    public byte[] acceptSecContext(byte[] bytes, int i, int i1)
-            throws GSSException {
-        throw new GSSException(GSSException.UNAVAILABLE);
-    }
-
-    /*
-        acceptSecContext not implemented
-     */
-    public void acceptSecContext(InputStream in, OutputStream out)
-            throws GSSException {
-        throw new GSSException(GSSException.UNAVAILABLE);
-    }
-
-    /**
-     *
-     * @return
-     */
-    public boolean isEstablished() {
-        return this.established;
-    }
-
-    /**
-     *
-     * @throws GSSException
-     */
-    public void dispose() throws GSSException {
-        // does nothing
-    }
-
-    /*
-        getWrapSizeLimit unimplemented
-     */
-    public int getWrapSizeLimit(int i, boolean b, int i1) throws GSSException {
-        throw new GSSException(GSSException.UNAVAILABLE);
-    }
-
-
-    /**
-     * Wraps a message for integrity and protection.
-     * Returns a GSI-wrapped token when privacy is not requested and
-     * QOP requested is set to
-     * {@link GSSConstants#GSI_BIG GSSConstants.GSI_BIG}. Otherwise
-     * a regular SSL-wrapped token is returned.
-     */
-    public byte[] wrap(byte[] inBuf, int off, int len, MessageProp prop)
-            throws GSSException {
-        checkContext();
-
-        byte[] token = null;
-        boolean doGSIWrap = false;
-
-        if (prop != null) {
-            if (prop.getQOP() != 0 && prop.getQOP() != GSSConstants.GSI_BIG) {
-                throw new GSSException(GSSException.BAD_QOP);
-            }
-            doGSIWrap = (!prop.getPrivacy() &&
-                    prop.getQOP() == GSSConstants.GSI_BIG);
-        }
-
-        if (doGSIWrap) {
-            throw new GSSException(GSSException.UNAVAILABLE);
-        } else {
-            try {
-                token = this.tlsHU.wrap(inBuf, off, len);
-            } catch (IOException e) {
-                throw new GlobusGSSException(GSSException.FAILURE, e);
-            }
-
-            if (prop != null) {
-                prop.setPrivacy(this.encryption);
-                prop.setQOP(0);
-            }
-        }
-
-        return token;
-    }
-
-    /*
-        wrap(InputStream, OutputStream) unimplemented
-     */
-    public void wrap(InputStream in, OutputStream out, MessageProp msgProp)
-            throws GSSException {
-        throw new GSSException(GSSException.UNAVAILABLE);
-    }
-
-    /**
-     * Unwraps a token generated by <code>wrap</code> method on the other side
-     * of the context.  The input token can either be a regular SSL-wrapped
-     * token or GSI-wrapped token. Upon return from the method the
-     * <code>MessageProp</code> object will contain the applied QOP and privacy
-     * state of the message. In case of GSI-wrapped token the applied QOP will
-     * be set to {@link GSSConstants#GSI_BIG GSSConstants.GSI_BIG}
-     */
-    public byte[] unwrap(byte[] inBuf, int off, int len, MessageProp prop)
-            throws GSSException {
-        checkContext();
-
-        byte[] token = null;
-
-        /*
-         * see if the token is a straight SSL packet or
-         * one of ours made by wrap using get_mic
-         */
-        if (inBuf[off] == GSI_WRAP &&
-                inBuf[off + 1] == 3 &&
-                inBuf[off + 2] == 0) {
-            throw new GSSException(GSSException.UNAVAILABLE);
-        } else {
-            try {
-                token = this.tlsHU.unwrap(inBuf, off, len);
-            } catch (IOException e) {
-                throw new GlobusGSSException(GSSException.FAILURE, e);
-            }
-
-            if (prop != null) {
-                prop.setPrivacy(this.encryption);
-                prop.setQOP(0);
-            }
-        }
-
-        return token;
-    }
-
-    /*
-        unwrap(InputStream, OutputStream) unimplemented
-     */
-    public void unwrap(InputStream in, OutputStream out, MessageProp msgProp)
-            throws GSSException {
-        throw new GSSException(GSSException.UNAVAILABLE);
-    }
-
-    /**
-     *
-     * @param inBuf
-     * @param off
-     * @param len
-     * @param prop
-     * @return
-     * @throws GSSException
-     */
-    public byte[] getMIC(byte[] inBuf, int off, int len, MessageProp prop)
-            throws GSSException {
-        checkContext();
-
-        if (prop != null && (prop.getQOP() != 0 || prop.getPrivacy())) {
-            throw new GSSException(GSSException.BAD_QOP);
-        }
-
-        long sequence = this.cipherFactory.getTlsBlockCipher().getWriteMac()
-                .getSequenceNumber();
-
-        int md_size = this.cipherFactory.getDigest().getDigestSize();
-
-        byte[] mic = new byte[GSI_MESSAGE_DIGEST_PADDING + md_size];
-
-        System.arraycopy(toBytes(sequence), 0, mic, 0, GSI_SEQUENCE_SIZE);
-        System.arraycopy(toBytes(len, 4), 0, mic, GSI_SEQUENCE_SIZE, 4);
-
-        this.cipherFactory.getTlsBlockCipher().getWriteMac().incSequence();
-
-        int pad_ct = (48 / md_size) * md_size;
-
-        try {
-            MessageDigest md = MessageDigest.getInstance(
-                    this.cipherFactory.getDigest().getAlgorithmName());
-
-            md.update(this.cipherFactory.getTlsBlockCipher().getWriteMac()
-                    .getMACSecret());
-            for (int i = 0; i < pad_ct; i++) {
-                md.update(SSLHANDSHAKE_PAD_1);
-            }
-            md.update(mic, 0, GSI_MESSAGE_DIGEST_PADDING);
-            md.update(inBuf, off, len);
-
-            byte[] digest = md.digest();
-
-            System.arraycopy(digest, 0, mic, GSI_MESSAGE_DIGEST_PADDING, digest.length);
-        } catch (NoSuchAlgorithmException e) {
-            throw new GlobusGSSException(GSSException.FAILURE, e);
-        }
-
-        if (prop != null) {
-            prop.setPrivacy(false);
-            prop.setQOP(0);
-        }
-
-        return mic;
-    }
-
-    /*
-        getMIC(InputStream, OutputStream) unimplemented
-     */
-    public void getMIC(InputStream in, OutputStream out, MessageProp msgProp)
-            throws GSSException {
-        throw new GSSException(GSSException.UNAVAILABLE);
-    }
-
-    /**
-     *
-     * @param inTok
-     * @param tokOff
-     * @param tokLen
-     * @param inMsg
-     * @param msgOff
-     * @param msgLen
-     * @param prop
-     * @throws GSSException
-     */
-    public void verifyMIC(byte[] inTok, int tokOff, int tokLen,
-                          byte[] inMsg, int msgOff, int msgLen,
-                          MessageProp prop) throws GSSException {
-                checkContext();
-
-        String digestAlg = this.cipherFactory.getDigest().getAlgorithmName();
-        int md_size = this.cipherFactory.getDigest().getDigestSize();
-
-        if (tokLen != (GSI_MESSAGE_DIGEST_PADDING + md_size)) {
-            throw new GlobusGSSException(GSSException.DEFECTIVE_TOKEN,
-                                         GlobusGSSException.TOKEN_FAIL,
-                                         "tokenFail00",
-                                         new Object[] {new Integer(tokLen),
-                                                       new Integer(GSI_MESSAGE_DIGEST_PADDING +
-                                                                   md_size)});
-        }
-
-        int bufLen = SSLUtil.toInt(inTok, tokOff + GSI_SEQUENCE_SIZE);
-        if (bufLen != msgLen) {
-            throw new GlobusGSSException(GSSException.DEFECTIVE_TOKEN,
-                                         GlobusGSSException.TOKEN_FAIL,
-                                         "tokenFail01",
-                                         new Object[] {new Integer(msgLen), new Integer(bufLen)});
-        }
-
-        int pad_ct = (48 / md_size) * md_size;
-
-        byte [] digest = null;
-
-        try {
-            MessageDigest md =
-                MessageDigest.getInstance(digestAlg);
-
-            md.update(this.cipherFactory.getTlsBlockCipher().getReadMac()
-                    .getMACSecret());
-            for(int i=0;i<pad_ct;i++) {
-                md.update(SSLHANDSHAKE_PAD_1);
-            }
-            md.update(inTok, tokOff, GSI_MESSAGE_DIGEST_PADDING);
-            md.update(inMsg, msgOff, msgLen);
-
-            digest = md.digest();
-        } catch (NoSuchAlgorithmException e) {
-            throw new GlobusGSSException(GSSException.FAILURE, e);
-        }
-
-        byte [] token = new byte[tokLen-GSI_MESSAGE_DIGEST_PADDING];
-        System.arraycopy(inTok, tokOff+GSI_MESSAGE_DIGEST_PADDING, token, 0, token.length);
-
-        if (!Arrays.equals(digest, token)) {
-            throw new GlobusGSSException(GSSException.BAD_MIC,
-                                         GlobusGSSException.BAD_MIC,
-                                         "tokenFail02");
-        }
-
-        long tokSeq = SSLUtil.toLong(inTok, tokOff);
-        long readSeq = this.cipherFactory.getTlsBlockCipher().getReadMac()
-                .getSequenceNumber();
-        long seqTest = tokSeq - readSeq;
-
-        if (seqTest > 0) {
-            // gap token
-            throw new GSSException(GSSException.GAP_TOKEN);
-        } else if (seqTest < 0) {
-            // old token
-            throw new GSSException(GSSException.OLD_TOKEN);
-        } else {
-            this.cipherFactory.getTlsBlockCipher().getReadMac().incSequence();
-        }
-
-        if (prop != null) {
-            prop.setPrivacy(false);
-            prop.setQOP(0);
-        }
-    }
-
-    /*
-        verifyMIC(InputStream, InputStream) unimplemented
-    */
-    public void verifyMIC(InputStream tokStream, InputStream msgStream,
-                          MessageProp msgProp) throws GSSException {
-        throw new GSSException(GSSException.UNAVAILABLE);
-    }
-
-    /*
-        export not implemented
-     */
-    public byte[] export() throws GSSException {
-        throw new GSSException(GSSException.UNAVAILABLE);
-    }
-
-    /**
-     *
-     * @param state
-     * @throws GSSException
-     */
-    public void requestMutualAuth(boolean state) throws GSSException {
-        if (!state) {
-            throw new GlobusGSSException(GSSException.FAILURE,
-                    GlobusGSSException.BAD_OPTION,
-                    "mutualAuthOn");
-        }
-    }
-
-    /**
-     *
-     * @param state
-     * @throws GSSException
-     */
-    public void requestReplayDet(boolean state) throws GSSException {
-        if (!state) {
-            throw new GlobusGSSException(GSSException.FAILURE,
-                    GlobusGSSException.BAD_OPTION,
-                    "replayDet");
-        }
-    }
-
-    /**
-     *
-     * @param state
-     * @throws GSSException
-     */
-    public void requestSequenceDet(boolean state) throws GSSException {
-        if (!state) {
-            throw new GlobusGSSException(GSSException.FAILURE,
-                    GlobusGSSException.BAD_OPTION,
-                    "seqDet");
-        }
-    }
-
-    /**
-     *
-     * @param state
-     * @throws GSSException
-     */
-    public void requestCredDeleg(boolean state) throws GSSException {
-        this.credentialDelegation = state;
-    }
-
-    /**
-     *
-     * @param state
-     * @throws GSSException
-     */
-    public void requestAnonymity(boolean state) throws GSSException {
-        this.anonymity = state;
-    }
-
-    /**
-     *
-     * @param state
-     * @throws GSSException
-     */
-    public void requestConf(boolean state) throws GSSException {
-        //TODO: unencrypted not possible
-        this.encryption = true;
-    }
-
-    /**
-     *
-     * @param state
-     * @throws GSSException
-     */
-    public void requestInteg(boolean state) throws GSSException {
-        if (!state) {
-            throw new GlobusGSSException(GSSException.FAILURE,
-                    GlobusGSSException.BAD_OPTION,
-                    "integOn");
-        }
-    }
-
-    /**
-     *
-     * @param lifetime
-     * @throws GSSException
-     */
-    public void requestLifetime(int lifetime) throws GSSException {
-        if (lifetime == GSSContext.INDEFINITE_LIFETIME) {
-            throw new GlobusGSSException(GSSException.FAILURE,
-                    GlobusGSSException.UNKNOWN,
-                    "badLifetime00");
-        }
-
-        if (lifetime != GSSContext.DEFAULT_LIFETIME) {
-            Calendar calendar = Calendar.getInstance();
-            calendar.add(Calendar.SECOND, lifetime);
-            setGoodUntil(calendar.getTime());
-        }
-    }
-
-    /*
-        setChannelBinding unimplemented
-     */
-    public void setChannelBinding(ChannelBinding cb) throws GSSException {
-        throw new GSSException(GSSException.UNAVAILABLE);
-    }
-
-    /**
-     *
-     * @return
-     */
-    public boolean getCredDelegState() {
-        return this.credentialDelegation;
-    }
-
-    /**
-     *
-     * @return
-     */
-    public boolean getMutualAuthState() {
-        return true;  // always on with gsi
-    }
-
-    /**
-     *
-     * @return
-     */
-    public boolean getReplayDetState() {
-        return true;  // always on with ssl
-    }
-
-    /**
-     *
-     * @return
-     */
-    public boolean getSequenceDetState() {
-        return true;  // always on with ssl
-    }
-
-    /**
-     *
-     * @return
-     */
-    public boolean getAnonymityState() {
-        return this.anonymity;
-    }
-
-    /*
-        isTransferable unimplemented
-     */
-    public boolean isTransferable() throws GSSException {
-        throw new GSSException(GSSException.UNAVAILABLE);
-    }
-
-    /**
-     *
-     * @return
-     */
-    public boolean isProtReady() {
-        return isEstablished();
-    }
-
-    /**
-     *
-     * @return
-     */
-    public boolean getConfState() {
-        return this.encryption;
-    }
-
-    public boolean getIntegState() {
-        return true;  // always on with ssl
-    }
-
-    /**
-     *
-     * @return
-     */
-    public int getLifetime() {
-        if (goodUntil != null) {
-            return (int) ((goodUntil.getTime() - System.currentTimeMillis())
-                    / 1000);
-        } else {
-            return -1;
-        }
-    }
-
-    /**
-     *
-     * @return
-     * @throws GSSException
-     */
-    public GSSName getSrcName() throws GSSException {
-        return this.sourceName;
-    }
-
-    /**
-     *
-     * @return
-     * @throws GSSException
-     */
-    public GSSName getTargName() throws GSSException {
-        return this.targetName;
-    }
-
-    /**
-     *
-     * @return
-     * @throws GSSException
-     */
-    public Oid getMech() throws GSSException {
-        return GSSConstants.MECH_OID;
-    }
-
-    /*
-        getDelegCred unimplemented (would have been set by acceptSecContext
-     */
-    public GSSCredential getDelegCred() throws GSSException {
-        throw new GSSException(GSSException.UNAVAILABLE);
-    }
-
-    /**
-     *
-     * @return
-     * @throws GSSException
-     */
-    public boolean isInitiator() throws GSSException {
-        return true;  // acceptor side currently isn't implemented
-    }
-
-    /**
-     *
-     * @param val
-     * @return
-     */
-    public static byte[] toBytes(long val){
-        return toBytes(val,8);
-    }
-
-    /**
-     *
-     * @param val
-     * @return
-     */
-    public static byte[] toBytes(short val){
-        return toBytes((long)val,2);
-    }
-
-    /**
-     *
-     * @param val
-     * @param bytes
-     * @return
-     */
-    public static byte[] toBytes(long val,int bytes){
-        byte[] retval=new byte[bytes];
-
-        while(bytes-->0){
-            retval[bytes]=(byte)(val & 0xff);
-            val>>=8;
-        }
-
-        return retval;
-    }
-}
+///*
+// *
+// * Licensed to the Apache Software Foundation (ASF) under one
+// * or more contributor license agreements.  See the NOTICE file
+// * distributed with this work for additional information
+// * regarding copyright ownership.  The ASF licenses this file
+// * to you under the Apache License, Version 2.0 (the
+// * "License"); you may not use this file except in compliance
+// * with the License.  You may obtain a copy of the License at
+// *
+// *   http://www.apache.org/licenses/LICENSE-2.0
+// *
+// * Unless required by applicable law or agreed to in writing,
+// * software distributed under the License is distributed on an
+// * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// * KIND, either express or implied.  See the License for the
+// * specific language governing permissions and limitations
+// * under the License.
+// *
+// */
+//
+//package edu.illinois.ncsa.BCGSS;
+//
+//import org.bouncycastle.jce.provider.X509CertificateObject;
+//import org.globus.gsi.*;
+//import org.globus.gsi.bc.*;
+//import org.globus.gsi.gssapi.*;
+//import org.globus.gsi.util.*;
+//import org.gridforum.jgss.*;
+//import org.ietf.jgss.*;
+//import org.ietf.jgss.Oid;
+//import sun.reflect.generics.reflectiveObjects.NotImplementedException;
+//
+//import java.io.*;
+//import java.security.*;
+//import java.security.cert.*;
+//import java.security.cert.Certificate;
+//import java.util.*;
+//
+//public class BCGSSContextImpl implements ExtendedGSSContext {
+//    /**
+//     * Used to distinguish between a token created by
+//     * <code>wrap</code> with {@link GSSConstants#GSI_BIG
+//     * GSSConstants.GSI_BIG}
+//     * QoP and a regular token created by <code>wrap</code>.
+//     */
+//    public static final int GSI_WRAP = 26;
+//    /**
+//     * SSL3_RT_GSSAPI_OPENSSL
+//     */
+//
+//    private static final int GSI_SEQUENCE_SIZE = 8;
+//
+//    private static final int GSI_MESSAGE_DIGEST_PADDING = 12;
+//
+//    private static final byte[] SSLHANDSHAKE_PAD_1 = {0x36};
+//
+//    private static final String[] NO_ENCRYPTION = {"SSL_RSA_WITH_NULL_MD5"};
+//
+//    private static final String[] ENABLED_PROTOCOLS = {"TLSv1", "SSLv3"};
+//
+//    private static final byte[] DELEGATION_TOKEN =
+//            new byte[]{GSIConstants.DELEGATION_CHAR};
+//
+//    /**
+//     * Handshake state
+//     */
+//    protected int state = HANDSHAKE;
+//
+//    /* handshake states */
+//    private static final int
+//            HANDSHAKE = 0,
+//            CLIENT_START_DEL = 2,
+//            CLIENT_END_DEL = 3,
+//            SERVER_START_DEL = 4,
+//            SERVER_END_DEL = 5;
+//
+//    /**
+//     * Delegation state
+//     */
+//    protected int delegationState = DELEGATION_START;
+//
+//    /* delegation states */
+//    private static final int
+//            DELEGATION_START = 0,
+//            DELEGATION_SIGN_CERT = 1,
+//            DELEGATION_COMPLETE_CRED = 2;
+//
+//    /**
+//     * Delegation finished indicator
+//     */
+//    protected boolean delegationFinished = false;
+//
+//    // gss context state variables
+//    protected boolean credentialDelegation = false;
+//    protected boolean anonymity = false;
+//    protected boolean encryption = false;
+//    protected boolean established = false;
+//
+//    /**
+//     * The name of the context initiator
+//     */
+//    protected GSSName sourceName = null;
+//
+//    /**
+//     * The name of the context acceptor
+//     */
+//    protected GSSName targetName = null;
+//
+//    // these can be set via setOption
+//    protected GSIConstants.DelegationType delegationType =
+//            GSIConstants.DelegationType.LIMITED;
+//    protected Integer gssMode = GSIConstants.MODE_GSI;
+//    protected Boolean checkContextExpiration = Boolean.FALSE;
+//    protected Boolean rejectLimitedProxy = Boolean.FALSE;
+//    protected Boolean requireClientAuth = Boolean.TRUE;
+//    protected Boolean acceptNoClientCerts = Boolean.FALSE;
+//    protected Boolean requireAuthzWithDelegation = Boolean.TRUE;
+//
+//    // *** implementation-specific variables ***
+//
+//    /**
+//     * Credential of this context. Might be anonymous
+//     */
+//    protected GlobusGSSCredentialImpl ctxCred;
+//
+//    /**
+//     * Expected target name. Used for authorization in initiator
+//     */
+//    protected GSSName expectedTargetName = null;
+//
+//    /**
+//     * Context expiration date.
+//     */
+//    protected Date goodUntil = null;
+//
+//    protected boolean conn = false;
+//
+//    protected BouncyCastleCertProcessingFactory certFactory;
+//
+//    protected Map proxyPolicyHandlers;
+//
+//    /**
+//     * Limited peer credentials
+//     */
+//    protected Boolean peerLimited = null;
+//
+//    private TlsHandlerUtil tlsHU = null;
+//    private GlobusTlsClient tlsClient = null;
+//    private GlobusTlsCipherFactory cipherFactory = null;
+//
+//    /**
+//     *
+//     * @param target
+//     * @param cred
+//     * @throws org.ietf.jgss.GSSException
+//     */
+//    public BCGSSContextImpl(GSSName target, GlobusGSSCredentialImpl cred)
+//            throws GSSException {
+//        if (cred == null) {
+//            throw new GSSException(GSSException.NO_CRED);
+//        }
+//
+//        this.expectedTargetName = target;
+//        this.ctxCred = cred;
+//    }
+//
+//    /**
+//     *
+//     * @throws org.globus.gsi.gssapi.GlobusGSSException
+//     */
+//    private void init() throws GlobusGSSException {
+//        this.certFactory = BouncyCastleCertProcessingFactory.getDefault();
+//        this.state = HANDSHAKE;
+//
+//
+//        try {
+//            this.cipherFactory = new GlobusTlsCipherFactory();
+//            this.tlsClient =
+//                    new GlobusTlsClient(this.ctxCred.getX509Credential(),
+//                                        this.cipherFactory);
+//        } catch (Exception e) {
+//            throw new GlobusGSSException(GSSException.FAILURE, e);
+//        }
+//
+//        // TODO: set enabled cipher suites in client?
+//        // TODO: enable null encryption ciphers on user request?
+//
+//        /*
+//       TlsProtocolVersion[] tlsVersion =
+//            new TlsProtocolVersion[] {TlsProtocolVersion.TLSv10,
+//                                      TlsProtocolVersion.SSLv3};
+//                                      */
+//            //new TlsProtocolVersion[] {TlsProtocolVersion.TLSv10};
+//            //new TlsProtocolVersion[] {TlsProtocolVersion.SSLv3};
+//
+//       //this.tlsHU = new TlsHandlerUtil(this.tlsClient, tlsVersion);
+//        this.tlsHU = new TlsHandlerUtil(this.tlsClient);
+//    }
+//
+//    /**
+//     *
+//     * @param cert
+//     * @return
+//     * @throws GSSException
+//     */
+//    private X509Certificate bcConvert(X509Certificate cert)
+//            throws GSSException {
+//        if (!(cert instanceof X509CertificateObject)) {
+//            try {
+//                return CertificateLoadUtil.loadCertificate(new ByteArrayInputStream(cert.getEncoded()));
+//            } catch (Exception e) {
+//                throw new GlobusGSSException(GSSException.FAILURE, e);
+//            }
+//        } else {
+//            return cert;
+//        }
+//    }
+//
+//    private void handshakeFinished()
+//            throws IOException {
+//        //TODO: enable encryption depending on cipher suite decided in handshake
+//        this.encryption = true;
+//        //System.out.println("encryption alg: " + cs);
+//    }
+//
+//    /**
+//     *
+//     */
+//    private void setDone() {
+//        this.established = true;
+//    }
+//
+//    /**
+//     *
+//     * @param date
+//     */
+//    private void setGoodUntil(Date date) {
+//        if (this.goodUntil == null) {
+//            this.goodUntil = date;
+//        } else if (date.before(this.goodUntil)) {
+//            this.goodUntil = date;
+//        }
+//    }
+//
+//    /**
+//     *
+//     * @throws GSSException
+//     */
+//    protected void checkContext()
+//            throws GSSException {
+//        if (!this.conn || !isEstablished()) {
+//            throw new GSSException(GSSException.NO_CONTEXT);
+//        }
+//
+//        if (this.checkContextExpiration && getLifetime() <= 0) {
+//            throw new GSSException(GSSException.CONTEXT_EXPIRED);
+//        }
+//    }
+//
+//    /**
+//     *
+//     * @param value
+//     * @throws GSSException
+//     */
+//    protected void setGssMode(Object value)
+//            throws GSSException {
+//        if (!(value instanceof Integer)) {
+//            throw new GlobusGSSException(GSSException.FAILURE,
+//                    GlobusGSSException.BAD_OPTION_TYPE,
+//                    "badType",
+//                    new Object[]{"GSS mode", Integer.class});
+//        }
+//        Integer v = (Integer) value;
+//        if (v.equals(GSIConstants.MODE_GSI) ||
+//                v.equals(GSIConstants.MODE_SSL)) {
+//            this.gssMode = v;
+//        } else {
+//            throw new GlobusGSSException(GSSException.FAILURE,
+//                    GlobusGSSException.BAD_OPTION,
+//                    "badGssMode");
+//        }
+//    }
+//
+//    /**
+//     *
+//     * @param value
+//     * @throws GSSException
+//     */
+//    protected void setDelegationType(Object value)
+//            throws GSSException {
+//        GSIConstants.DelegationType v;
+//        if (value instanceof GSIConstants.DelegationType)
+//            v = (GSIConstants.DelegationType) value;
+//        else if (value instanceof Integer) {
+//            v = GSIConstants.DelegationType.get(((Integer) value).intValue());
+//        } else {
+//            throw new GlobusGSSException(GSSException.FAILURE,
+//                    GlobusGSSException.BAD_OPTION_TYPE,
+//                    "badType",
+//                    new Object[]{"delegation type",
+//                            GSIConstants.DelegationType.class});
+//        }
+//        if (v == GSIConstants.DelegationType.FULL ||
+//                v == GSIConstants.DelegationType.LIMITED) {
+//            this.delegationType = v;
+//        } else {
+//            throw new GlobusGSSException(GSSException.FAILURE,
+//                    GlobusGSSException.BAD_OPTION,
+//                    "badDelegType");
+//        }
+//    }
+//
+//    /**
+//     *
+//     * @param value
+//     * @throws GSSException
+//     */
+//    protected void setCheckContextExpired(Object value)
+//            throws GSSException {
+//        if (!(value instanceof Boolean)) {
+//            throw new GlobusGSSException(GSSException.FAILURE,
+//                    GlobusGSSException.BAD_OPTION_TYPE,
+//                    "badType",
+//                    new Object[]{"check context expired", Boolean.class});
+//        }
+//        this.checkContextExpiration = (Boolean) value;
+//    }
+//
+//    /**
+//     *
+//     * @param value
+//     * @throws GSSException
+//     */
+//    protected void setRejectLimitedProxy(Object value)
+//            throws GSSException {
+//        if (!(value instanceof Boolean)) {
+//            throw new GlobusGSSException(GSSException.FAILURE,
+//                    GlobusGSSException.BAD_OPTION_TYPE,
+//                    "badType",
+//                    new Object[]{"reject limited proxy", Boolean.class});
+//        }
+//        this.rejectLimitedProxy = (Boolean) value;
+//    }
+//
+//    /**
+//     *
+//     * @param value
+//     * @throws GSSException
+//     */
+//    protected void setRequireClientAuth(Object value)
+//            throws GSSException {
+//        if (!(value instanceof Boolean)) {
+//            throw new GlobusGSSException(GSSException.FAILURE,
+//                    GlobusGSSException.BAD_OPTION_TYPE,
+//                    "badType",
+//                    new Object[]{"require client auth", Boolean.class});
+//        }
+//        this.requireClientAuth = (Boolean) value;
+//    }
+//
+//    /**
+//     *
+//     * @param value
+//     * @throws GSSException
+//     */
+//    protected void setRequireAuthzWithDelegation(Object value)
+//            throws GSSException {
+//
+//        if (!(value instanceof Boolean)) {
+//            throw new GlobusGSSException(GSSException.FAILURE,
+//                    GlobusGSSException.BAD_OPTION_TYPE,
+//                    "badType",
+//                    new Object[]{"require authz with delehation",
+//                            Boolean.class});
+//        }
+//        this.requireAuthzWithDelegation = (Boolean) value;
+//    }
+//
+//    /**
+//     *
+//     * @param value
+//     * @throws GSSException
+//     */
+//    protected void setAcceptNoClientCerts(Object value)
+//            throws GSSException {
+//        if (!(value instanceof Boolean)) {
+//            throw new GlobusGSSException(GSSException.FAILURE,
+//                    GlobusGSSException.BAD_OPTION_TYPE,
+//                    "badType",
+//                    new Object[]{"accept no client certs", Boolean.class});
+//        }
+//        this.acceptNoClientCerts = (Boolean) value;
+//    }
+//
+//    /**
+//     *
+//     * @param value
+//     * @throws GSSException
+//     */
+//    protected void setProxyPolicyHandlers(Object value)
+//            throws GSSException {
+//        if (!(value instanceof Map)) {
+//            throw new GlobusGSSException(GSSException.FAILURE,
+//                    GlobusGSSException.BAD_OPTION_TYPE,
+//                    "badType",
+//                    new Object[]{"Proxy policy handlers",
+//                            Map.class});
+//        }
+//        this.proxyPolicyHandlers = (Map) value;
+//    }
+//
+//    /////////////////////////////////////////////////////////////////////
+//    /////////////////////////////////////////////////////////////////////
+//    /////////////////////////////////////////////////////////////////////
+//
+//    // Methods below are part of the (Extended)GSSContext implementation
+//
+//    /////////////////////////////////////////////////////////////////////
+//    /////////////////////////////////////////////////////////////////////
+//    /////////////////////////////////////////////////////////////////////
+//
+//    /**
+//     *
+//     * @param option
+//     *        option type.
+//     * @param value
+//     *        option value.
+//     * @throws GSSException
+//     */
+//    public void setOption(Oid option, Object value) throws GSSException {
+//        if (option == null) {
+//            throw new GlobusGSSException(GSSException.FAILURE,
+//                    GlobusGSSException.BAD_ARGUMENT,
+//                    "nullOption");
+//        }
+//        if (value == null) {
+//            throw new GlobusGSSException(GSSException.FAILURE,
+//                    GlobusGSSException.BAD_ARGUMENT,
+//                    "nullOptionValue");
+//        }
+//
+//        if (option.equals(GSSConstants.GSS_MODE)) {
+//            setGssMode(value);
+//        } else if (option.equals(GSSConstants.DELEGATION_TYPE)) {
+//            setDelegationType(value);
+//        } else if (option.equals(GSSConstants.CHECK_CONTEXT_EXPIRATION)) {
+//            setCheckContextExpired(value);
+//        } else if (option.equals(GSSConstants.REJECT_LIMITED_PROXY)) {
+//            setRejectLimitedProxy(value);
+//        } else if (option.equals(GSSConstants.REQUIRE_CLIENT_AUTH)) {
+//            setRequireClientAuth(value);
+//        } else if (option.equals(GSSConstants.TRUSTED_CERTIFICATES)) {
+//            // setTrustedCertificates(value);
+//            throw new GSSException(GSSException.UNAVAILABLE);
+//        } else if (option.equals(GSSConstants.PROXY_POLICY_HANDLERS)) {
+//            setProxyPolicyHandlers(value);
+//        } else if (option.equals(GSSConstants.ACCEPT_NO_CLIENT_CERTS)) {
+//            setAcceptNoClientCerts(value);
+//        } else if (option.equals(GSSConstants
+//                .AUTHZ_REQUIRED_WITH_DELEGATION)) {
+//            setRequireAuthzWithDelegation(value);
+//        } else {
+//            throw new GlobusGSSException(GSSException.FAILURE,
+//                    GlobusGSSException.UNKNOWN_OPTION,
+//                    "unknownOption",
+//                    new Object[]{option});
+//        }
+//    }
+//
+//    /**
+//     *
+//     * @param option
+//     * @return
+//     * @throws GSSException
+//     */
+//    public Object getOption(Oid option) throws GSSException {
+//        if (option == null) {
+//            throw new GlobusGSSException(GSSException.FAILURE,
+//                    GlobusGSSException.BAD_ARGUMENT,
+//                    "nullOption");
+//        }
+//
+//        if (option.equals(GSSConstants.GSS_MODE)) {
+//            return this.gssMode;
+//        } else if (option.equals(GSSConstants.DELEGATION_TYPE)) {
+//            return this.delegationType;
+//        } else if (option.equals(GSSConstants.CHECK_CONTEXT_EXPIRATION)) {
+//            return this.checkContextExpiration;
+//        } else if (option.equals(GSSConstants.REJECT_LIMITED_PROXY)) {
+//            return this.rejectLimitedProxy;
+//        } else if (option.equals(GSSConstants.REQUIRE_CLIENT_AUTH)) {
+//            return this.requireClientAuth;
+//        } else if (option.equals(GSSConstants.TRUSTED_CERTIFICATES)) {
+//            // return this.tc;
+//            throw new GSSException(GSSException.UNAVAILABLE);
+//        } else if (option.equals(GSSConstants.PROXY_POLICY_HANDLERS)) {
+//            // return this.proxyPolicyHandlers;
+//            throw new GSSException(GSSException.UNAVAILABLE);
+//        } else if (option.equals(GSSConstants.ACCEPT_NO_CLIENT_CERTS)) {
+//            return this.acceptNoClientCerts;
+//        }
+//
+//        return null;
+//    }
+//
+//    /**
+//     * Initiate the delegation of a credential.
+//     *
+//     * This function drives the initiating side of the credential
+//     * delegation process. It is expected to be called in tandem with the
+//     * {@link #acceptDelegation(int, byte[], int, int) acceptDelegation}
+//     * function.
+//     * <BR>
+//     * The behavior of this function can be modified by
+//     * {@link GSSConstants#DELEGATION_TYPE GSSConstants.DELEGATION_TYPE}
+//     * and
+//     * {@link GSSConstants#GSS_MODE GSSConstants.GSS_MODE} context
+//     * options.
+//     * The {@link GSSConstants#DELEGATION_TYPE GSSConstants.DELEGATION_TYPE}
+//     * option controls delegation type to be performed. The
+//     * {@link GSSConstants#GSS_MODE GSSConstants.GSS_MODE}
+//     * option if set to
+//     * {@link org.globus.gsi.GSIConstants#MODE_SSL GSIConstants.MODE_SSL}
+//     * results in tokens that are not wrapped.
+//     *
+//     * @param credential
+//     *        The credential to be delegated. May be null
+//     *        in which case the credential associated with the security
+//     *        context is used.
+//     * @param mechanism
+//     *        The desired security mechanism. May be null.
+//     * @param lifetime
+//     *        The requested period of validity (seconds) of the delegated
+//     *        credential.
+//     * @return A token that should be passed to <code>acceptDelegation</code> if
+//     *         <code>isDelegationFinished</code> returns false. May be null.
+//     * @exception GSSException containing the following major error codes:
+//     *            <code>GSSException.FAILURE</code>
+//     */
+//    public byte[] initDelegation(GSSCredential credential, Oid mechanism,
+//                                 int lifetime, byte[] buf, int off, int len)
+//            throws GSSException {
+//        //TODO: implement this
+//        return new byte[0];
+//    }
+//
+//    /*
+//     *  acceptDelegation unimplemented
+//     */
+//    public byte[] acceptDelegation(int i, byte[] bytes, int i1, int i2)
+//            throws GSSException {
+//        throw new GSSException(GSSException.UNAVAILABLE);
+//    }
+//
+//    /*
+//        getDelegatedCredential unimplemented (would be set by acceptDelegation)
+//     */
+//    public GSSCredential getDelegatedCredential() {
+//        return null;
+//    }
+//
+//    /**
+//     *
+//     * @return
+//     */
+//    public boolean isDelegationFinished() {
+//        return this.delegationFinished;
+//    }
+//
+//    /**
+//     * Retrieves arbitrary data about this context.
+//     * Currently supported oid: <UL>
+//     * <LI>
+//     * {@link GSSConstants#X509_CERT_CHAIN GSSConstants.X509_CERT_CHAIN}
+//     * returns certificate chain of the peer (<code>X509Certificate[]</code>).
+//     * </LI>
+//     * </UL>
+//     *
+//     * @param oid the oid of the information desired.
+//     * @return the information desired. Might be null.
+//     * @exception GSSException containing the following major error codes:
+//     *            <code>GSSException.FAILURE</code>
+//     */
+//    public Object inquireByOid(Oid oid) throws GSSException {
+//        if (oid == null) {
+//            throw new GlobusGSSException(GSSException.FAILURE,
+//                    GlobusGSSException.BAD_ARGUMENT,
+//                    "nullOption");
+//        }
+//
+//        if (oid.equals(GSSConstants.X509_CERT_CHAIN)) {
+//            if (isEstablished()) {
+//                // converting certs is slower but keeping converted certs
+//                // takes lots of memory.
+//                try {
+//                    Certificate[] peerCerts;
+//                    //TODO:  used to get this from
+//                    //  SSLEngine.getSession().getPeerCertificates()
+//                    peerCerts = null;
+//                    if (peerCerts != null && peerCerts.length > 0) {
+//                        return (X509Certificate[]) peerCerts;
+//                    } else {
+//                        return null;
+//                    }
+//                } catch (Exception e) {
+//                    throw new GlobusGSSException(
+//                            GSSException.DEFECTIVE_CREDENTIAL,
+//                            e
+//                    );
+//                }
+//            }
+//        } else if (oid.equals(GSSConstants.RECEIVED_LIMITED_PROXY)) {
+//            return this.peerLimited;
+//        }
+//
+//        return null;
+//    }
+//
+//    public void setBannedCiphers(String[] strings) {
+//        //To change body of implemented methods use File | Settings | File Templates.
+//        throw new NotImplementedException();
+//    }
+//
+//    /**
+//     * This function drives the initiating side of the context establishment
+//     * process. It is expected to be called in tandem with the
+//     * {@link #acceptSecContext(byte[], int, int) acceptSecContext} function.
+//     * <BR>
+//     * The behavior of context establishment process can be modified by
+//     * {@link GSSConstants#GSS_MODE GSSConstants.GSS_MODE},
+//     * {@link GSSConstants#DELEGATION_TYPE GSSConstants.DELEGATION_TYPE}, and
+//     * {@link GSSConstants#REJECT_LIMITED_PROXY GSSConstants.REJECT_LIMITED_PROXY}
+//     * context options. If the {@link GSSConstants#GSS_MODE GSSConstants.GSS_MODE}
+//     * option is set to
+//     * {@link org.globus.gsi.GSIConstants#MODE_SSL GSIConstants.MODE_SSL}
+//     * the context establishment process will be compatible with regular SSL
+//     * (no credential delegation support). If the option is set to
+//     * {@link org.globus.gsi.GSIConstants#MODE_GSI GSIConstants.GSS_MODE_GSI}
+//     * credential delegation during context establishment process will performed.
+//     * The delegation type to be performed can be set using the
+//     * {@link GSSConstants#DELEGATION_TYPE GSSConstants.DELEGATION_TYPE}
+//     * context option. If the {@link GSSConstants#REJECT_LIMITED_PROXY
+//     * GSSConstants.REJECT_LIMITED_PROXY} option is enabled,
+//     * a peer presenting limited proxy credential will be automatically
+//     * rejected and the context establishment process will be aborted.
+//     *
+//     * @return a byte[] containing the token to be sent to the peer.
+//     *         null indicates that no token is generated (needs more data).
+//     */
+//    public byte[] initSecContext(byte[] inBuff, int off, int len)
+//            throws GSSException {
+//
+//        if (!this.conn) {
+//            //System.out.println("enter initializing in initSecContext");
+//            if (this.credentialDelegation) {
+//                if (this.gssMode.equals(GSIConstants.MODE_SSL)) {
+//                    throw new GlobusGSSException(GSSException.FAILURE,
+//                            GlobusGSSException.BAD_ARGUMENT,
+//                            "initCtx00");
+//                }
+//                if (this.anonymity) {
+//                    throw new GlobusGSSException(GSSException.FAILURE,
+//                            GlobusGSSException.BAD_ARGUMENT,
+//                            "initCtx01");
+//                }
+//            }
+//
+//            if (this.anonymity || this.ctxCred.getName().isAnonymous()) {
+//                this.anonymity = true;
+//            } else {
+//                this.anonymity = false;
+//
+//                if (ctxCred.getUsage() != GSSCredential.INITIATE_ONLY &&
+//                    ctxCred.getUsage() != GSSCredential.INITIATE_AND_ACCEPT) {
+//                    throw new GlobusGSSException(
+//                            GSSException.DEFECTIVE_CREDENTIAL,
+//                            GlobusGSSException.UNKNOWN,
+//                            "badCredUsage");
+//                }
+//            }
+//
+//            init();
+//
+//            this.conn = true;
+//        }
+//
+//        // Unless explicitly disabled, check if delegation is
+//        // requested and expected target is null
+//        if (!Boolean.FALSE.equals(this.requireAuthzWithDelegation)) {
+//
+//            if (this.expectedTargetName == null &&
+//                    this.credentialDelegation) {
+//                throw new GlobusGSSException(GSSException.FAILURE,
+//                        GlobusGSSException.BAD_ARGUMENT,
+//                        "initCtx02");
+//            }
+//        }
+//
+//        byte[] returnToken = null;
+//
+//        switch (state) {
+//            case HANDSHAKE:
+//                try {
+//                    returnToken = this.tlsHU.nextHandshakeToken(inBuff);
+//
+//                    if (this.tlsHU.isHandshakeFinished()) {
+//                        //System.out.println("initSecContext handshake finished");
+//                        handshakeFinished(); // just enable encryption
+//
+//                        Certificate[] chain = this.tlsClient.getPeerCerts();
+//                        if (!(chain instanceof X509Certificate[])) {
+//                            throw new Exception(
+//                               "Certificate chain not of type X509Certificate");
+//                        }
+//
+//                        for (X509Certificate cert : (X509Certificate[]) chain) {
+//                            setGoodUntil(cert.getNotAfter());
+//                        }
+//
+//                        String identity = BouncyCastleUtil.getIdentity(
+//                                bcConvert(
+//                                        BouncyCastleUtil.getIdentityCertificate(
+//                                                (X509Certificate[]) chain)));
+//                        this.targetName =
+//                                new GlobusGSSName(CertificateUtil.toGlobusID(
+//                                        identity, false));
+//
+//                        this.peerLimited = ProxyCertificateUtil.isLimitedProxy(
+//                                BouncyCastleUtil.getCertificateType(
+//                                        (X509Certificate) chain[0]));
+//
+//                        // initiator
+//                        if (this.anonymity) {
+//                            this.sourceName = new GlobusGSSName();
+//                        } else {
+//                            for (X509Certificate cert :
+//                                    ctxCred.getCertificateChain()) {
+//                                setGoodUntil(cert.getNotAfter());
+//                            }
+//                            this.sourceName = this.ctxCred.getName();
+//                        }
+//
+//                        // mutual authentication test
+//                        if (this.expectedTargetName != null &&
+//                           !this.expectedTargetName.equals(this.targetName)) {
+//                            throw new GlobusGSSException(
+//                                    GSSException.UNAUTHORIZED,
+//                                    GlobusGSSException.BAD_NAME,
+//                                    "authFailed00",
+//                                    new Object[]{this.expectedTargetName,
+//                                            this.targetName});
+//                        }
+//
+//                        if (this.gssMode.equals(GSIConstants.MODE_GSI)) {
+//                            this.state = CLIENT_START_DEL;
+//                            // if there is a token to return then break
+//                            // otherwise we fall through to delegation
+//                            if (returnToken != null && returnToken.length > 0) {
+//                                break;
+//                            }
+//                        } else {
+//                            setDone();
+//                            break;
+//                        }
+//
+//                    } else { // handshake not complete yet
+//                        break;
+//                    }
+//                } catch (IOException e) {
+//                    throw new GlobusGSSException(GSSException.FAILURE, e);
+//                } catch (Exception e) {
+//                    throw new GlobusGSSException(GSSException.FAILURE, e);
+//                }
+//
+//            case CLIENT_START_DEL:
+//
+//                // sanity check - might be invalid state
+//                if (this.state != CLIENT_START_DEL ||
+//                        (returnToken != null && returnToken.length > 0) ) {
+//                    throw new GSSException(GSSException.FAILURE);
+//                }
+//
+//                try {
+//                    String deleg;
+//
+//                    if (getCredDelegState()) {
+//                        deleg = Character.toString(
+//                                GSIConstants.DELEGATION_CHAR);
+//                        this.state = CLIENT_END_DEL;
+//                    } else {
+//                        deleg = Character.toString('0');
+//                        setDone();
+//                    }
+//
+//                    // TODO: Force ASCII encoding?
+//                    byte[] a = deleg.getBytes();
+//                    // SSL wrap the delegation token
+//                    returnToken = this.tlsHU.wrap(a);
+//                } catch (Exception e) {
+//                    throw new GlobusGSSException(GSSException.FAILURE, e);
+//                }
+//
+//                break;
+//
+//            case CLIENT_END_DEL:
+//
+//                if (inBuff == null || inBuff.length == 0) {
+//                    throw new GSSException(GSSException.DEFECTIVE_TOKEN);
+//                }
+//
+//                try {
+//                    // SSL unwrap the token on the inBuff (it's a CSR)
+//                    byte[] certReq = this.tlsHU.unwrap(inBuff);
+//
+//                    if (certReq.length == 0) break;
+//
+//                    X509Certificate[] chain =
+//                            this.ctxCred.getCertificateChain();
+//
+//                    X509Certificate cert = this.certFactory.createCertificate(
+//                            new ByteArrayInputStream(certReq),
+//                            chain[0],
+//                            this.ctxCred.getPrivateKey(),
+//                            -1,
+//                            BouncyCastleCertProcessingFactory.decideProxyType(
+//                                    chain[0], this.delegationType));
+//
+//                    byte[] enc = cert.getEncoded();
+//                    // SSL wrap the encoded cert and return that buffer
+//                    returnToken = this.tlsHU.wrap(enc);
+//                    setDone();
+//                } catch (GeneralSecurityException e) {
+//                    throw new GlobusGSSException(GSSException.FAILURE, e);
+//                } catch (IOException e) {
+//                    throw new GlobusGSSException(GSSException.FAILURE, e);
+//                }
+//
+//                break;
+//
+//            default:
+//                throw new GSSException(GSSException.FAILURE);
+//        }
+//
+//        //TODO: Why is there a check for CLIENT_START_DEL?
+//        if (returnToken != null && returnToken.length > 0 ||
+//            this.state == CLIENT_START_DEL) {
+//            return returnToken;
+//        } else
+//            return null;
+//    }
+//
+//    /**
+//     * It works just like
+//     * {@link #initSecContext(byte[], int, int) initSecContext} method.
+//     * It reads one SSL token from input stream, calls
+//     * {@link #initSecContext(byte[], int, int) acceptSecContext} method and
+//     * writes the output token to the output stream (if any)
+//     * SSL token is not read on the initial call.
+//     */
+//    public int initSecContext(InputStream in, OutputStream out)
+//            throws GSSException {
+//        byte[] inToken = null;
+//        try {
+//            if (!this.conn) {
+//                inToken = new byte[0];
+//            } else {
+//                inToken = SSLUtil.readSslMessage(in);
+//            }
+//            byte[] outToken = initSecContext(inToken, 0, inToken.length);
+//            if (outToken != null) {
+//                out.write(outToken);
+//                return outToken.length;
+//            } else {
+//                return 0;
+//            }
+//        } catch (IOException e) {
+//            throw new GlobusGSSException(GSSException.FAILURE, e);
+//        }
+//    }
+//
+//    /*
+//        acceptSecContext not implemented
+//     */
+//    public byte[] acceptSecContext(byte[] bytes, int i, int i1)
+//            throws GSSException {
+//        throw new GSSException(GSSException.UNAVAILABLE);
+//    }
+//
+//    /*
+//        acceptSecContext not implemented
+//     */
+//    public void acceptSecContext(InputStream in, OutputStream out)
+//            throws GSSException {
+//        throw new GSSException(GSSException.UNAVAILABLE);
+//    }
+//
+//    /**
+//     *
+//     * @return
+//     */
+//    public boolean isEstablished() {
+//        return this.established;
+//    }
+//
+//    /**
+//     *
+//     * @throws GSSException
+//     */
+//    public void dispose() throws GSSException {
+//        // does nothing
+//    }
+//
+//    /*
+//        getWrapSizeLimit unimplemented
+//     */
+//    public int getWrapSizeLimit(int i, boolean b, int i1) throws GSSException {
+//        throw new GSSException(GSSException.UNAVAILABLE);
+//    }
+//
+//
+//    /**
+//     * Wraps a message for integrity and protection.
+//     * Returns a GSI-wrapped token when privacy is not requested and
+//     * QOP requested is set to
+//     * {@link GSSConstants#GSI_BIG GSSConstants.GSI_BIG}. Otherwise
+//     * a regular SSL-wrapped token is returned.
+//     */
+//    public byte[] wrap(byte[] inBuf, int off, int len, MessageProp prop)
+//            throws GSSException {
+//        checkContext();
+//
+//        byte[] token = null;
+//        boolean doGSIWrap = false;
+//
+//        if (prop != null) {
+//            if (prop.getQOP() != 0 && prop.getQOP() != GSSConstants.GSI_BIG) {
+//                throw new GSSException(GSSException.BAD_QOP);
+//            }
+//            doGSIWrap = (!prop.getPrivacy() &&
+//                    prop.getQOP() == GSSConstants.GSI_BIG);
+//        }
+//
+//        if (doGSIWrap) {
+//            throw new GSSException(GSSException.UNAVAILABLE);
+//        } else {
+//            try {
+//                token = this.tlsHU.wrap(inBuf, off, len);
+//            } catch (IOException e) {
+//                throw new GlobusGSSException(GSSException.FAILURE, e);
+//            }
+//
+//            if (prop != null) {
+//                prop.setPrivacy(this.encryption);
+//                prop.setQOP(0);
+//            }
+//        }
+//
+//        return token;
+//    }
+//
+//    /*
+//        wrap(InputStream, OutputStream) unimplemented
+//     */
+//    public void wrap(InputStream in, OutputStream out, MessageProp msgProp)
+//            throws GSSException {
+//        throw new GSSException(GSSException.UNAVAILABLE);
+//    }
+//
+//    /**
+//     * Unwraps a token generated by <code>wrap</code> method on the other side
+//     * of the context.  The input token can either be a regular SSL-wrapped
+//     * token or GSI-wrapped token. Upon return from the method the
+//     * <code>MessageProp</code> object will contain the applied QOP and privacy
+//     * state of the message. In case of GSI-wrapped token the applied QOP will
+//     * be set to {@link GSSConstants#GSI_BIG GSSConstants.GSI_BIG}
+//     */
+//    public byte[] unwrap(byte[] inBuf, int off, int len, MessageProp prop)
+//            throws GSSException {
+//        checkContext();
+//
+//        byte[] token = null;
+//
+//        /*
+//         * see if the token is a straight SSL packet or
+//         * one of ours made by wrap using get_mic
+//         */
+//        if (inBuf[off] == GSI_WRAP &&
+//                inBuf[off + 1] == 3 &&
+//                inBuf[off + 2] == 0) {
+//            throw new GSSException(GSSException.UNAVAILABLE);
+//        } else {
+//            try {
+//                token = this.tlsHU.unwrap(inBuf, off, len);
+//            } catch (IOException e) {
+//                throw new GlobusGSSException(GSSException.FAILURE, e);
+//            }
+//
+//            if (prop != null) {
+//                prop.setPrivacy(this.encryption);
+//                prop.setQOP(0);
+//            }
+//        }
+//
+//        return token;
+//    }
+//
+//    /*
+//        unwrap(InputStream, OutputStream) unimplemented
+//     */
+//    public void unwrap(InputStream in, OutputStream out, MessageProp msgProp)
+//            throws GSSException {
+//        throw new GSSException(GSSException.UNAVAILABLE);
+//    }
+//
+//    /**
+//     *
+//     * @param inBuf
+//     * @param off
+//     * @param len
+//     * @param prop
+//     * @return
+//     * @throws GSSException
+//     */
+//    public byte[] getMIC(byte[] inBuf, int off, int len, MessageProp prop)
+//            throws GSSException {
+//        checkContext();
+//
+//        if (prop != null && (prop.getQOP() != 0 || prop.getPrivacy())) {
+//            throw new GSSException(GSSException.BAD_QOP);
+//        }
+//
+//        long sequence = this.cipherFactory.getTlsBlockCipher().getWriteMac()
+//                .getSequenceNumber();
+//
+//        int md_size = this.cipherFactory.getDigest().getDigestSize();
+//
+//        byte[] mic = new byte[GSI_MESSAGE_DIGEST_PADDING + md_size];
+//
+//        System.arraycopy(toBytes(sequence), 0, mic, 0, GSI_SEQUENCE_SIZE);
+//        System.arraycopy(toBytes(len, 4), 0, mic, GSI_SEQUENCE_SIZE, 4);
+//
+//        this.cipherFactory.getTlsBlockCipher().getWriteMac().incSequence();
+//
+//        int pad_ct = (48 / md_size) * md_size;
+//
+//        try {
+//            MessageDigest md = MessageDigest.getInstance(
+//                    this.cipherFactory.getDigest().getAlgorithmName());
+//
+//            md.update(this.cipherFactory.getTlsBlockCipher().getWriteMac()
+//                    .getMACSecret());
+//            for (int i = 0; i < pad_ct; i++) {
+//                md.update(SSLHANDSHAKE_PAD_1);
+//            }
+//            md.update(mic, 0, GSI_MESSAGE_DIGEST_PADDING);
+//            md.update(inBuf, off, len);
+//
+//            byte[] digest = md.digest();
+//
+//            System.arraycopy(digest, 0, mic, GSI_MESSAGE_DIGEST_PADDING, digest.length);
+//        } catch (NoSuchAlgorithmException e) {
+//            throw new GlobusGSSException(GSSException.FAILURE, e);
+//        }
+//
+//        if (prop != null) {
+//            prop.setPrivacy(false);
+//            prop.setQOP(0);
+//        }
+//
+//        return mic;
+//    }
+//
+//    /*
+//        getMIC(InputStream, OutputStream) unimplemented
+//     */
+//    public void getMIC(InputStream in, OutputStream out, MessageProp msgProp)
+//            throws GSSException {
+//        throw new GSSException(GSSExcepti

<TRUNCATED>

Mime
View raw message