1
2
3GSSAPI Java CSharp C. Morris
4INTERNET-DRAFT Novell, Inc.
5draft-morris-java-gssapi-update-for-csharp-00.txt comorris@novell.com
6Expires 10 March 2004 July 2004
7
8
9 Generic Security Service API Version 2 : Java & C# Bindings
10
11Status of this Memo
12
13 Comments should be submitted to comorris@novell.com.
14
15 By submitting this Internet-Draft, I certify that any applicable
16 patent or other IPR claims of which I am aware have been disclosed, or
17 will be disclosed, and any of which I become aware will be disclosed,
18 in accordance with RFC 3668.
19
20 Internet-Drafts are working documents of the Internet Engineering
21 Task Force (IETF), its areas, and its working groups. Note that other
22 groups may also distribute working documents as Internet-Drafts.
23
24 Internet-Drafts are draft documents valid for a maximum of six months
25 and may be updated, replaced, or obsoleted by other documents at any
26 time. It is inappropriate to use Internet-Drafts as reference
27 material or to cite them other than a "work in progress."
28
29 The list of current Internet-Drafts can be accessed at
30 http://www.ietf.org/1id-abstracts.html
31
32 The list of Internet-Draft Shadow Directories can be accessed at
33 http://www.ietf.org/shadow.html
34
35Abstract
36
37 The Generic Security Services Application Program Interface (GSS-API)
38 offers application programmers uniform access to security services
39 atop a variety of underlying cryptographic mechanisms. This document
40 proposes an update to RFC 2853, Generic Security Service API Version
41 2 : Java Bindings, to include C# bindings.
42
434.17. C# Modifications
44
45 This section describes the language dependent modifications necessary
46 to implement the interface in C#.
47
484.17.1 C# Assembly Name
49
50 The C# namespace is org.ietf.gss. See section 4.17.5 for an example.
51
524.17.2 C# Class Definitions
53
54 All class definitions & methods remain the same as specified in the
55 Java bindings.
56
574.17.3 C# Data Types
58
59 All data types remain the same.
60
614.17.4 C# Exception Handling
62
63 All exception codes remain the same as specified in the Java bindings.
64 However, C# does not have a 'throws' statement. Therefore, method prototypes do
65 not include the exception type. For example,
66
67 Java method prototype :
68
69 public abstract GSSName createName(String nameStr, Oid nameType)
70 throws GSSException;
71
72 Equivalent C# method prototype :
73
74 public abstract GSSName createName(String nameStr, Oid nameType);
75
76 C# does implement the throw and catch keywords, for example:
77
78 public class GSSName createName(String nameStr, Oid nameType)
79 {
80 int majorCode = 0;
81 ...
82
83 majorCode = validateParms(nameStr, nameType);
84
85 if (majorCode)
86 throw new GSSException(majorCode);
87
88 ...
89 }
90
91
924.17.5 C# Example Code
93
94 Client example :
95
96 using ietf.org.gss;
97
98 class GssapiClient
99 {
100 private static TcpClient client;
101 private static NetworkStream stream;
102
103 static void Main(string[] args)
104 {
105 Connect("127.0.0.1", "message from client");
106
107 try
108 {
109 GSSManager manager = GSSManager.getInstance();
110
111 Oid krb5Mechanism = new Oid("1.2.840.113554.1.2.2");
112 Oid krb5PrincipalNameType = new Oid("1.2.840.113554.1.2.2.1");
113
114 // Optionally Identify who the client wishes to be
115 // GSSName name = manager.createName("test@gsserver", GSSName.NT_USER_NAME);
116
117 // Obtain default credential
118 GSSCredential userCreds = manager.createCredential(GSSCredential.INITIATE_ONLY);
119 GSSName name = userCreds.getName(krb5PrincipalNameType);
120
121 Console.WriteLine("Just acquired credentials for " + name.toString());
122
123 int acceptLife = userCreds.getRemainingAcceptLifetime(new Oid("2.3.4"));
124 int initLife = userCreds.getRemainingInitLifetime(new Oid("1..3."));
125 int remLife = userCreds.getRemainingLifetime();
126 int usage = userCreds.getUsage();
127
128 GSSName namea = userCreds.getName();
129 Oid[] oa = userCreds.getMechs();
130
131 // Instantiate and initialize a security context that will be
132 // established with the server
133 GSSContext context = manager.createContext(name,
134 krb5Mechanism,
135 userCreds,
136 GSSContext.DEFAULT_LIFETIME);
137
138 userCreds.dispose();
139
140 // Optionally Set Context Options, must be done before iniSecContext call
141 context.requestMutualAuth(true);
142 context.requestConf(true);
143 context.requestInteg(true);
144 context.requestSequenceDet(true);
145 context.requestCredDeleg(true);
146
147 MemoryStream ins = new MemoryStream();
148 MemoryStream outs = new MemoryStream();
149
150 // loop until context is setup and no more tokens to receive
151 while (!context.isEstablished())
152 {
153 outs = new MemoryStream();
154 context.initSecContext(ins, outs);
155
156 // send token if present
157 if (outs.Length > 0)
158 {
159 Console.WriteLine("Sending token...");
160 sendToken(outs);
161 }
162
163 // check if we should expect more tokens
164 if (context.isEstablished())
165 break;
166
167 // another token expected from peer
168 Console.WriteLine("Still expecting another token from server...");
169 ins = recvToken();
170 }
171
172 //
173 // display context information
174 //
175
176 // Did the server authenticate back to client?
177 Console.WriteLine("\n{0} Mutual Authentication",
178 context.getMutualAuthState() ? "Using" : "Not using");
179 Console.WriteLine("Credentials were delegated = "
180 + context.getCredDelegState());
181 Console.WriteLine("Remaining lifetime in seconds = "
182 + context.getLifetime());
183 Console.WriteLine("Context mechanism = " + context.getMech());
184 Console.WriteLine("Initiator = " + context.getSrcName().toString());
185 Console.WriteLine("Acceptor = " + context.getTargName().toString());
186 Console.WriteLine("Confidentiality (i.e., privacy) is {0}available",
187 context.getConfState() ? "" : "not ");
188 Console.WriteLine("Integrity is {0}available",
189 context.getIntegState() ? "" : "not ");
190 Console.WriteLine("Is initiator = " + context.isInitiator());
191 Console.WriteLine("Is transferable = " + context.isTransferable());
192 Console.WriteLine("Is protReady = " + context.isProtReady());
193 Console.WriteLine("ReplayDetState = " +
194 context.getReplayDetState());
195 Console.WriteLine("SequenceDetState = " +
196 context.getSequenceDetState());
197
198 // perform wrap on an application supplied message
199 // using QOP = 0, and requesting privacy service
200
201 MessageProp msgProp = new MessageProp(0, true);
202 byte [] message = System.Text.Encoding.ASCII.GetBytes("Hello GSS-API!");
203 byte [] token = System.Text.Encoding.ASCII.GetBytes("tok");
204
205 // Byte aray method is equivalent to stream method
206 //byte []token = context.wrap(message, 0, appMsg.length, msgProp);
207 //sendToken(token);
208
209 ins = new MemoryStream();
210 outs = new MemoryStream();
211 ins.Write(token, 0, token.Length);
212 context.getMIC(ins, outs, msgProp);
213 sendToken(outs);
214
215 outs = new MemoryStream();
216 outs.Write(message, 0, message.Length);
217 sendToken(outs);
218
219 ins = new MemoryStream();
220 outs = new MemoryStream();
221 ins.Write(message, 0, message.Length);
222 context.wrap(ins, outs, msgProp);
223 sendToken(outs);
224
225 // Optionally export context to another thead
226 GSSContext ctx = manager.createContext(context.export());
227 Console.WriteLine("New context isTransferable = " + ctx.isTransferable());
228 Console.WriteLine("New context isInitiator = " +ctx.isInitiator());
229 Console.WriteLine("New context protReady = " +ctx.isProtReady());
230 Console.WriteLine("New context srcName = " +ctx.getSrcName().toString());
231 Console.WriteLine("New context targName = " +ctx.getTargName().toString());
232
233 // release the local-end of the context
234 ctx.dispose();
235
236 stream.Close();
237 Console.WriteLine("Leaving...");
238 }
239 catch (GSSException e)
240 {
241 Console.WriteLine(e.getMessage());
242 Console.WriteLine(e.StackTrace);
243 }
244 }
245
246
247Expires 10 March 2004
248�
249
250