draft-morris-java-gssapi-update-for-csharp-00.txt
1 2 3 GSSAPI Java CSharp C. Morris 4 INTERNET-DRAFT Novell, Inc. 5 draft-morris-java-gssapi-update-for-csharp-00.txt comorris@novell.com 6 Expires 10 March 2004 July 2004 7 8 9 Generic Security Service API Version 2 : Java & C# Bindings 10 11 Status of this Memo 12 13 Comments should be submitted to comorris@novell.com. 14 15 By submitting this Internet-Draft, I certify that any applicable 16 patent or other IPR claims of which I am aware have been disclosed, or 17 will be disclosed, and any of which I become aware will be disclosed, 18 in accordance with RFC 3668. 19 20 Internet-Drafts are working documents of the Internet Engineering 21 Task Force (IETF), its areas, and its working groups. Note that other 22 groups may also distribute working documents as Internet-Drafts. 23 24 Internet-Drafts are draft documents valid for a maximum of six months 25 and may be updated, replaced, or obsoleted by other documents at any 26 time. It is inappropriate to use Internet-Drafts as reference 27 material or to cite them other than a "work in progress." 28 29 The list of current Internet-Drafts can be accessed at 30 http://www.ietf.org/1id-abstracts.html 31 32 The list of Internet-Draft Shadow Directories can be accessed at 33 http://www.ietf.org/shadow.html 34 35 Abstract 36 37 The Generic Security Services Application Program Interface (GSS-API) 38 offers application programmers uniform access to security services 39 atop a variety of underlying cryptographic mechanisms. This document 40 proposes an update to RFC 2853, Generic Security Service API Version 41 2 : Java Bindings, to include C# bindings. 42 43 4.17. C# Modifications 44 45 This section describes the language dependent modifications necessary 46 to implement the interface in C#. 47 48 4.17.1 C# Assembly Name 49 50 The C# namespace is org.ietf.gss. See section 4.17.5 for an example. 51 52 4.17.2 C# Class Definitions 53 54 All class definitions & methods remain the same as specified in the 55 Java bindings. 
4.17.3 C# Data Types

All data types remain the same as in the Java bindings; Java's String,
int, boolean and byte[] correspond to C#'s System.String (string), int,
bool and byte[] respectively.

4.17.4 C# Exception Handling

All exception codes remain the same as specified in the Java bindings.
However, C# has no checked exceptions and therefore no 'throws' clause,
so method prototypes do not declare the exception type. Because the
compiler will not remind a caller that GSSException can be thrown, every
method that may fail must be documented as throwing GSSException and
callers must catch it explicitly. For example,

Java method prototype :

public abstract GSSName createName(String nameStr, Oid nameType)
throws GSSException;

Equivalent C# method prototype :

public abstract GSSName createName(String nameStr, Oid nameType);

C# does implement the throw and catch keywords, for example:

public GSSName createName(String nameStr, Oid nameType)
{
    int majorCode = 0;
    ...

    majorCode = validateParms(nameStr, nameType);

    // C# does not convert int to bool implicitly; compare with 0 explicitly
    if (majorCode != 0)
        throw new GSSException(majorCode);

    ...
}


4.17.5 C# Example Code

Client example :

// System (Console), System.IO (MemoryStream) and System.Net.Sockets
// (TcpClient, NetworkStream) are required by the code below.
using System;
using System.IO;
using System.Net.Sockets;
using org.ietf.gss;   // namespace as specified in section 4.17.1

class GssapiClient
{
    private static TcpClient client;
    private static NetworkStream stream;

    static void Main(string[] args)
    {
        Connect("127.0.0.1", "message from client");

        try
        {
            GSSManager manager = GSSManager.getInstance();

            Oid krb5Mechanism = new Oid("1.2.840.113554.1.2.2");
            Oid krb5PrincipalNameType = new Oid("1.2.840.113554.1.2.2.1");

            // Optionally Identify who the client wishes to be
            // GSSName name = manager.createName("test@gsserver", GSSName.NT_USER_NAME);

            // Obtain default credential
            GSSCredential userCreds = manager.createCredential(GSSCredential.INITIATE_ONLY);
            GSSName name = userCreds.getName(krb5PrincipalNameType);

            Console.WriteLine("Just acquired credentials for " + name.toString());

            // The per-mechanism lifetime queries take a mechanism OID, so the
            // Kerberos OID declared above is used.  An ill-formed OID string
            // (such as "1..3.") would make the Oid constructor throw
            // GSSException before any lifetime is read.
            int acceptLife = userCreds.getRemainingAcceptLifetime(krb5Mechanism);
            int initLife = userCreds.getRemainingInitLifetime(krb5Mechanism);
            int remLife = userCreds.getRemainingLifetime();
            int usage = userCreds.getUsage();

            GSSName namea =
userCreds.getName();
            Oid[] oa = userCreds.getMechs();

            // The first argument of createContext is the name of the peer
            // (the acceptor), not the initiator's own credential name.
            // Mutual authentication only proves something if the client
            // names the service it actually intends to talk to.
            GSSName serverName = manager.createName("host@gsserver",
                                                    GSSName.NT_HOSTBASED_SERVICE);

            // Instantiate and initialize a security context that will be
            // established with the server
            GSSContext context = manager.createContext(serverName,
                                                       krb5Mechanism,
                                                       userCreds,
                                                       GSSContext.DEFAULT_LIFETIME);

            // Optionally Set Context Options, must be done before initSecContext call
            context.requestMutualAuth(true);
            context.requestConf(true);
            context.requestInteg(true);
            context.requestSequenceDet(true);
            // Delegation hands the acceptor a credential with which it can
            // act as this client; request it only for services that must
            // genuinely work on the client's behalf.
            context.requestCredDeleg(true);

            MemoryStream ins = new MemoryStream();
            MemoryStream outs = new MemoryStream();

            // loop until context is setup and no more tokens to receive
            while (!context.isEstablished())
            {
                outs = new MemoryStream();
                context.initSecContext(ins, outs);

                // send token if present
                if (outs.Length > 0)
                {
                    Console.WriteLine("Sending token...");
                    sendToken(outs);
                }

                // check if we should expect more tokens
                if (context.isEstablished())
                    break;

                // another token expected from peer
                Console.WriteLine("Still expecting another token from server...");
                ins = recvToken();
            }

            // initSecContext uses the credential for the whole exchange;
            // release it only once the context is established.
            userCreds.dispose();

            //
            // display context information
            //

            // Did the server authenticate back to client?  requestMutualAuth
            // is only a request; getMutualAuthState reports what was negotiated.
            Console.WriteLine("\n{0} Mutual Authentication",
                              context.getMutualAuthState() ? "Using" : "Not using");
            Console.WriteLine("Credentials were delegated = "
                              + context.getCredDelegState());
            Console.WriteLine("Remaining lifetime in seconds = "
                              + context.getLifetime());
            Console.WriteLine("Context mechanism = " + context.getMech());
            Console.WriteLine("Initiator = " + context.getSrcName().toString());
            Console.WriteLine("Acceptor = " + context.getTargName().toString());
            Console.WriteLine("Confidentiality (i.e., privacy) is {0}available",
                              context.getConfState() ?
"" : "not "); 188 Console.WriteLine("Integrity is {0}available", 189 context.getIntegState() ? "" : "not "); 190 Console.WriteLine("Is initiator = " + context.isInitiator()); 191 Console.WriteLine("Is transferable = " + context.isTransferable()); 192 Console.WriteLine("Is protReady = " + context.isProtReady()); 193 Console.WriteLine("ReplayDetState = " + 194 context.getReplayDetState()); 195 Console.WriteLine("SequenceDetState = " + 196 context.getSequenceDetState()); 197 198 // perform wrap on an application supplied message 199 // using QOP = 0, and requesting privacy service 200 201 MessageProp msgProp = new MessageProp(0, true); 202 byte [] message = System.Text.Encoding.ASCII.GetBytes("Hello GSS-API!"); 203 byte [] token = System.Text.Encoding.ASCII.GetBytes("tok"); 204 205 // Byte aray method is equivalent to stream method 206 //byte []token = context.wrap(message, 0, appMsg.length, msgProp); 207 //sendToken(token); 208 209 ins = new MemoryStream(); 210 outs = new MemoryStream(); 211 ins.Write(token, 0, token.Length); 212 context.getMIC(ins, outs, msgProp); 213 sendToken(outs); 214 215 outs = new MemoryStream(); 216 outs.Write(message, 0, message.Length); 217 sendToken(outs); 218 219 ins = new MemoryStream(); 220 outs = new MemoryStream(); 221 ins.Write(message, 0, message.Length); 222 context.wrap(ins, outs, msgProp); 223 sendToken(outs); 224 225 // Optionally export context to another thead 226 GSSContext ctx = manager.createContext(context.export()); 227 Console.WriteLine("New context isTransferable = " + ctx.isTransferable()); 228 Console.WriteLine("New context isInitiator = " +ctx.isInitiator()); 229 Console.WriteLine("New context protReady = " +ctx.isProtReady()); 230 Console.WriteLine("New context srcName = " +ctx.getSrcName().toString()); 231 Console.WriteLine("New context targName = " +ctx.getTargName().toString()); 232 233 // release the local-end of the context 234 ctx.dispose(); 235 236 stream.Close(); 237 Console.WriteLine("Leaving..."); 238 } 
        catch (GSSException e)
        {
            Console.WriteLine(e.getMessage());
            Console.WriteLine(e.StackTrace);
        }
        finally
        {
            // Release the socket on every path, not only after a successful
            // exchange; closing an already-closed NetworkStream is harmless.
            if (stream != null)
                stream.Close();
        }
    }


Expires 10 March 2004