summaryrefslogtreecommitdiff
path: root/third_party/heimdal/doc/standardisation/draft-morris-java-gssapi-update-for-csharp-00.txt
diff options
context:
space:
mode:
Diffstat (limited to 'third_party/heimdal/doc/standardisation/draft-morris-java-gssapi-update-for-csharp-00.txt')
-rw-r--r--third_party/heimdal/doc/standardisation/draft-morris-java-gssapi-update-for-csharp-00.txt249
1 files changed, 249 insertions, 0 deletions
diff --git a/third_party/heimdal/doc/standardisation/draft-morris-java-gssapi-update-for-csharp-00.txt b/third_party/heimdal/doc/standardisation/draft-morris-java-gssapi-update-for-csharp-00.txt
new file mode 100644
index 00000000000..d65d8fb0890
--- /dev/null
+++ b/third_party/heimdal/doc/standardisation/draft-morris-java-gssapi-update-for-csharp-00.txt
@@ -0,0 +1,249 @@
+
+
+GSSAPI Java CSharp C. Morris
+INTERNET-DRAFT Novell, Inc.
+draft-morris-java-gssapi-update-for-csharp-00.txt comorris@novell.com
+Expires 10 March 2004 July 2004
+
+
+ Generic Security Service API Version 2 : Java & C# Bindings
+
+Status of this Memo
+
+ Comments should be submitted to comorris@novell.com.
+
+ By submitting this Internet-Draft, I certify that any applicable
+ patent or other IPR claims of which I am aware have been disclosed, or
+ will be disclosed, and any of which I become aware will be disclosed,
+ in accordance with RFC 3668.
+
+ Internet-Drafts are working documents of the Internet Engineering
+ Task Force (IETF), its areas, and its working groups. Note that other
+ groups may also distribute working documents as Internet-Drafts.
+
+ Internet-Drafts are draft documents valid for a maximum of six months
+ and may be updated, replaced, or obsoleted by other documents at any
+ time. It is inappropriate to use Internet-Drafts as reference
+ material or to cite them other than a "work in progress."
+
+ The list of current Internet-Drafts can be accessed at
+ http://www.ietf.org/1id-abstracts.html
+
+ The list of Internet-Draft Shadow Directories can be accessed at
+ http://www.ietf.org/shadow.html
+
+Abstract
+
+ The Generic Security Services Application Program Interface (GSS-API)
+ offers application programmers uniform access to security services
+ atop a variety of underlying cryptographic mechanisms. This document
+ proposes an update to RFC 2853, Generic Security Service API Version
+ 2 : Java Bindings, to include C# bindings.
+
+4.17. C# Modifications
+
+ This section describes the language dependent modifications necessary
+ to implement the interface in C#.
+
+4.17.1 C# Assembly Name
+
+ The C# namespace is org.ietf.gss. See section 4.17.5 for an example.
+
+4.17.2 C# Class Definitions
+
+ All class definitions & methods remain the same as specified in the
+ Java bindings.
+
+4.17.3 C# Data Types
+
+ All data types remain the same.
+
+4.17.4 C# Exception Handling
+
+ All exception codes remain the same as specified in the Java bindings.
+ However, C# does not have a 'throws' statement. Therefore, method prototypes do
+ not include the exception type. For example,
+
+ Java method prototype :
+
+ public abstract GSSName createName(String nameStr, Oid nameType)
+ throws GSSException;
+
+ Equivalent C# method prototype :
+
+ public abstract GSSName createName(String nameStr, Oid nameType);
+
+ C# does implement the throw and catch keywords, for example:
+
+ public class GSSName createName(String nameStr, Oid nameType)
+ {
+ int majorCode = 0;
+ ...
+
+ majorCode = validateParms(nameStr, nameType);
+
+ if (majorCode)
+ throw new GSSException(majorCode);
+
+ ...
+ }
+
+
+4.17.5 C# Example Code
+
+ Client example :
+
+ using ietf.org.gss;
+
+ class GssapiClient
+ {
+ private static TcpClient client;
+ private static NetworkStream stream;
+
+ static void Main(string[] args)
+ {
+ Connect("127.0.0.1", "message from client");
+
+ try
+ {
+ GSSManager manager = GSSManager.getInstance();
+
+ Oid krb5Mechanism = new Oid("1.2.840.113554.1.2.2");
+ Oid krb5PrincipalNameType = new Oid("1.2.840.113554.1.2.2.1");
+
+ // Optionally Identify who the client wishes to be
+ // GSSName name = manager.createName("test@gsserver", GSSName.NT_USER_NAME);
+
+ // Obtain default credential
+ GSSCredential userCreds = manager.createCredential(GSSCredential.INITIATE_ONLY);
+ GSSName name = userCreds.getName(krb5PrincipalNameType);
+
+ Console.WriteLine("Just acquired credentials for " + name.toString());
+
+ int acceptLife = userCreds.getRemainingAcceptLifetime(new Oid("2.3.4"));
+ int initLife = userCreds.getRemainingInitLifetime(new Oid("1..3."));
+ int remLife = userCreds.getRemainingLifetime();
+ int usage = userCreds.getUsage();
+
+ GSSName namea = userCreds.getName();
+ Oid[] oa = userCreds.getMechs();
+
+ // Instantiate and initialize a security context that will be
+ // established with the server
+ GSSContext context = manager.createContext(name,
+ krb5Mechanism,
+ userCreds,
+ GSSContext.DEFAULT_LIFETIME);
+
+ userCreds.dispose();
+
+ // Optionally Set Context Options, must be done before iniSecContext call
+ context.requestMutualAuth(true);
+ context.requestConf(true);
+ context.requestInteg(true);
+ context.requestSequenceDet(true);
+ context.requestCredDeleg(true);
+
+ MemoryStream ins = new MemoryStream();
+ MemoryStream outs = new MemoryStream();
+
+ // loop until context is setup and no more tokens to receive
+ while (!context.isEstablished())
+ {
+ outs = new MemoryStream();
+ context.initSecContext(ins, outs);
+
+ // send token if present
+ if (outs.Length > 0)
+ {
+ Console.WriteLine("Sending token...");
+ sendToken(outs);
+ }
+
+ // check if we should expect more tokens
+ if (context.isEstablished())
+ break;
+
+ // another token expected from peer
+ Console.WriteLine("Still expecting another token from server...");
+ ins = recvToken();
+ }
+
+ //
+ // display context information
+ //
+
+ // Did the server authenticate back to client?
+ Console.WriteLine("\n{0} Mutual Authentication",
+ context.getMutualAuthState() ? "Using" : "Not using");
+ Console.WriteLine("Credentials were delegated = "
+ + context.getCredDelegState());
+ Console.WriteLine("Remaining lifetime in seconds = "
+ + context.getLifetime());
+ Console.WriteLine("Context mechanism = " + context.getMech());
+ Console.WriteLine("Initiator = " + context.getSrcName().toString());
+ Console.WriteLine("Acceptor = " + context.getTargName().toString());
+ Console.WriteLine("Confidentiality (i.e., privacy) is {0}available",
+ context.getConfState() ? "" : "not ");
+ Console.WriteLine("Integrity is {0}available",
+ context.getIntegState() ? "" : "not ");
+ Console.WriteLine("Is initiator = " + context.isInitiator());
+ Console.WriteLine("Is transferable = " + context.isTransferable());
+ Console.WriteLine("Is protReady = " + context.isProtReady());
+ Console.WriteLine("ReplayDetState = " +
+ context.getReplayDetState());
+ Console.WriteLine("SequenceDetState = " +
+ context.getSequenceDetState());
+
+ // perform wrap on an application supplied message
+ // using QOP = 0, and requesting privacy service
+
+ MessageProp msgProp = new MessageProp(0, true);
+ byte [] message = System.Text.Encoding.ASCII.GetBytes("Hello GSS-API!");
+ byte [] token = System.Text.Encoding.ASCII.GetBytes("tok");
+
+ // Byte aray method is equivalent to stream method
+ //byte []token = context.wrap(message, 0, appMsg.length, msgProp);
+ //sendToken(token);
+
+ ins = new MemoryStream();
+ outs = new MemoryStream();
+ ins.Write(token, 0, token.Length);
+ context.getMIC(ins, outs, msgProp);
+ sendToken(outs);
+
+ outs = new MemoryStream();
+ outs.Write(message, 0, message.Length);
+ sendToken(outs);
+
+ ins = new MemoryStream();
+ outs = new MemoryStream();
+ ins.Write(message, 0, message.Length);
+ context.wrap(ins, outs, msgProp);
+ sendToken(outs);
+
+ // Optionally export context to another thead
+ GSSContext ctx = manager.createContext(context.export());
+ Console.WriteLine("New context isTransferable = " + ctx.isTransferable());
+ Console.WriteLine("New context isInitiator = " +ctx.isInitiator());
+ Console.WriteLine("New context protReady = " +ctx.isProtReady());
+ Console.WriteLine("New context srcName = " +ctx.getSrcName().toString());
+ Console.WriteLine("New context targName = " +ctx.getTargName().toString());
+
+ // release the local-end of the context
+ ctx.dispose();
+
+ stream.Close();
+ Console.WriteLine("Leaving...");
+ }
+ catch (GSSException e)
+ {
+ Console.WriteLine(e.getMessage());
+ Console.WriteLine(e.StackTrace);
+ }
+ }
+
+
+Expires 10 March 2004
+
+
View Lorry Controller Status