3
GSSAPI Java CSharp C. Morris
4
INTERNET-DRAFT Novell, Inc.
5
draft-morris-java-gssapi-update-for-csharp-00.txt comorris@novell.com
6
Expires 10 March 2004 July 2004
9
Generic Security Service API Version 2 : Java & C# Bindings
13
Comments should be submitted to comorris@novell.com.
15
By submitting this Internet-Draft, I certify that any applicable
16
patent or other IPR claims of which I am aware have been disclosed, or
17
will be disclosed, and any of which I become aware will be disclosed,
18
in accordance with RFC 3668.
20
Internet-Drafts are working documents of the Internet Engineering
21
Task Force (IETF), its areas, and its working groups. Note that other
22
groups may also distribute working documents as Internet-Drafts.
24
Internet-Drafts are draft documents valid for a maximum of six months
25
and may be updated, replaced, or obsoleted by other documents at any
26
time. It is inappropriate to use Internet-Drafts as reference
27
material or to cite them other than a "work in progress."
29
The list of current Internet-Drafts can be accessed at
30
http://www.ietf.org/1id-abstracts.html
32
The list of Internet-Draft Shadow Directories can be accessed at
33
http://www.ietf.org/shadow.html
37
The Generic Security Services Application Program Interface (GSS-API)
38
offers application programmers uniform access to security services
39
atop a variety of underlying cryptographic mechanisms. This document
40
proposes an update to RFC 2853, Generic Security Service API Version
41
2 : Java Bindings, to include C# bindings.
43
4.17. C# Modifications
45
This section describes the language dependent modifications necessary
46
to implement the interface in C#.
48
4.17.1 C# Assembly Name
50
The C# namespace is org.ietf.gss. See section 4.17.5 for an example.
52
4.17.2 C# Class Definitions
54
All class definitions & methods remain the same as specified in the
59
All data types remain the same.
61
4.17.4 C# Exception Handling
63
All exception codes remain the same as specified in the Java bindings.
64
However, C# does not have a 'throws' statement. Therefore, method prototypes do
65
not include the exception type. For example,
67
Java method prototype :
69
public abstract GSSName createName(String nameStr, Oid nameType)
72
Equivalent C# method prototype :
74
public abstract GSSName createName(String nameStr, Oid nameType);
76
C# does implement the throw and catch keywords, for example:
78
public class GSSName createName(String nameStr, Oid nameType)
83
majorCode = validateParms(nameStr, nameType);
86
throw new GSSException(majorCode);
92
4.17.5 C# Example Code
100
private static TcpClient client;
101
private static NetworkStream stream;
103
static void Main(string[] args)
105
Connect("127.0.0.1", "message from client");
109
GSSManager manager = GSSManager.getInstance();
111
Oid krb5Mechanism = new Oid("1.2.840.113554.1.2.2");
112
Oid krb5PrincipalNameType = new Oid("1.2.840.113554.1.2.2.1");
114
// Optionally Identify who the client wishes to be
115
// GSSName name = manager.createName("test@gsserver", GSSName.NT_USER_NAME);
117
// Obtain default credential
118
GSSCredential userCreds = manager.createCredential(GSSCredential.INITIATE_ONLY);
119
GSSName name = userCreds.getName(krb5PrincipalNameType);
121
Console.WriteLine("Just acquired credentials for " + name.toString());
123
int acceptLife = userCreds.getRemainingAcceptLifetime(new Oid("2.3.4"));
124
int initLife = userCreds.getRemainingInitLifetime(new Oid("1..3."));
125
int remLife = userCreds.getRemainingLifetime();
126
int usage = userCreds.getUsage();
128
GSSName namea = userCreds.getName();
129
Oid[] oa = userCreds.getMechs();
131
// Instantiate and initialize a security context that will be
132
// established with the server
133
GSSContext context = manager.createContext(name,
136
GSSContext.DEFAULT_LIFETIME);
140
// Optionally Set Context Options, must be done before iniSecContext call
141
context.requestMutualAuth(true);
142
context.requestConf(true);
143
context.requestInteg(true);
144
context.requestSequenceDet(true);
145
context.requestCredDeleg(true);
147
MemoryStream ins = new MemoryStream();
148
MemoryStream outs = new MemoryStream();
150
// loop until context is setup and no more tokens to receive
151
while (!context.isEstablished())
153
outs = new MemoryStream();
154
context.initSecContext(ins, outs);
156
// send token if present
159
Console.WriteLine("Sending token...");
163
// check if we should expect more tokens
164
if (context.isEstablished())
167
// another token expected from peer
168
Console.WriteLine("Still expecting another token from server...");
173
// display context information
176
// Did the server authenticate back to client?
177
Console.WriteLine("\n{0} Mutual Authentication",
178
context.getMutualAuthState() ? "Using" : "Not using");
179
Console.WriteLine("Credentials were delegated = "
180
+ context.getCredDelegState());
181
Console.WriteLine("Remaining lifetime in seconds = "
182
+ context.getLifetime());
183
Console.WriteLine("Context mechanism = " + context.getMech());
184
Console.WriteLine("Initiator = " + context.getSrcName().toString());
185
Console.WriteLine("Acceptor = " + context.getTargName().toString());
186
Console.WriteLine("Confidentiality (i.e., privacy) is {0}available",
187
context.getConfState() ? "" : "not ");
188
Console.WriteLine("Integrity is {0}available",
189
context.getIntegState() ? "" : "not ");
190
Console.WriteLine("Is initiator = " + context.isInitiator());
191
Console.WriteLine("Is transferable = " + context.isTransferable());
192
Console.WriteLine("Is protReady = " + context.isProtReady());
193
Console.WriteLine("ReplayDetState = " +
194
context.getReplayDetState());
195
Console.WriteLine("SequenceDetState = " +
196
context.getSequenceDetState());
198
// perform wrap on an application supplied message
199
// using QOP = 0, and requesting privacy service
201
MessageProp msgProp = new MessageProp(0, true);
202
byte [] message = System.Text.Encoding.ASCII.GetBytes("Hello GSS-API!");
203
byte [] token = System.Text.Encoding.ASCII.GetBytes("tok");
205
// Byte aray method is equivalent to stream method
206
//byte []token = context.wrap(message, 0, appMsg.length, msgProp);
209
ins = new MemoryStream();
210
outs = new MemoryStream();
211
ins.Write(token, 0, token.Length);
212
context.getMIC(ins, outs, msgProp);
215
outs = new MemoryStream();
216
outs.Write(message, 0, message.Length);
219
ins = new MemoryStream();
220
outs = new MemoryStream();
221
ins.Write(message, 0, message.Length);
222
context.wrap(ins, outs, msgProp);
225
// Optionally export context to another thead
226
GSSContext ctx = manager.createContext(context.export());
227
Console.WriteLine("New context isTransferable = " + ctx.isTransferable());
228
Console.WriteLine("New context isInitiator = " +ctx.isInitiator());
229
Console.WriteLine("New context protReady = " +ctx.isProtReady());
230
Console.WriteLine("New context srcName = " +ctx.getSrcName().toString());
231
Console.WriteLine("New context targName = " +ctx.getTargName().toString());
233
// release the local-end of the context
237
Console.WriteLine("Leaving...");
239
catch (GSSException e)
241
Console.WriteLine(e.getMessage());
242
Console.WriteLine(e.StackTrace);
247
Expires 10 March 2004