draft-morris-java-gssapi-update-for-csharp-00.txt   [plain text]

GSSAPI Java CSharp                                             C. Morris
INTERNET-DRAFT                                               Novell, Inc.
draft-morris-java-gssapi-update-for-csharp-00.txt     comorris@novell.com
Expires 10 March 2004                                           July 2004

         Generic Security Service API Version 2 : Java & C# Bindings

Status of this Memo

   Comments should be submitted to comorris@novell.com.

   By submitting this Internet-Draft, I certify that any applicable
   patent or other IPR claims of which I am aware have been disclosed, or
   will be disclosed, and any of which I become aware will be disclosed,
   in accordance with RFC 3668.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that other
   groups may also distribute working documents as Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than a "work in progress."

   The list of current Internet-Drafts can be accessed at

   The list of Internet-Draft Shadow Directories can be accessed at


   The Generic Security Services Application Program Interface (GSS-API)
   offers application programmers uniform access to security services
   atop a variety of underlying cryptographic mechanisms. This document
   proposes an update to RFC 2853, Generic Security Service API Version 
   2 : Java Bindings, to include C# bindings.

4.17.  C# Modifications

   This section describes the language dependent modifications necessary
   to implement the interface in C#. 
4.17.1   C# Assembly Name

   The C# namespace is org.ietf.gss. See section 4.17.5 for an example.
4.17.2   C# Class Definitions
   All class definitions & methods remain the same as specified in the 
   Java bindings.
4.17.3   C# Data Types

   All data types remain the same.

4.17.4   C# Exception Handling

   All exception codes remain the same as specified in the Java bindings.
   However, C# does not have a 'throws' statement. Therefore, method prototypes do
   not include the exception type. For example,
   Java method prototype :
      public abstract GSSName createName(String nameStr, Oid nameType)
         throws GSSException;
   Equivalent C# method prototype :
      public abstract GSSName createName(String nameStr, Oid nameType);
   C# does implement the throw and catch keywords, for example:
      public class GSSName createName(String nameStr, Oid nameType)
         int majorCode = 0;
         majorCode = validateParms(nameStr, nameType);
         if (majorCode)
            throw new GSSException(majorCode);

4.17.5   C# Example Code

   Client example : 
   using ietf.org.gss;

   class GssapiClient
      private static TcpClient client;
      private static NetworkStream stream;

	   static void Main(string[] args)
		   Connect("", "message from client");

	      GSSManager manager = GSSManager.getInstance();

	      Oid krb5Mechanism = new Oid("1.2.840.113554.1.2.2");
	      Oid krb5PrincipalNameType = new Oid("1.2.840.113554.");

	      // Optionally Identify who the client wishes to be
	      // GSSName name = manager.createName("test@gsserver", GSSName.NT_USER_NAME);
	      // Obtain default credential
	      GSSCredential userCreds = manager.createCredential(GSSCredential.INITIATE_ONLY);
	      GSSName name = userCreds.getName(krb5PrincipalNameType);

	      Console.WriteLine("Just acquired credentials for " + name.toString());

	      int acceptLife = userCreds.getRemainingAcceptLifetime(new Oid("2.3.4"));
	      int initLife   = userCreds.getRemainingInitLifetime(new Oid("1..3."));
	      int remLife    = userCreds.getRemainingLifetime();
	      int usage      = userCreds.getUsage();
	      GSSName namea = userCreds.getName();
	      Oid[] oa = userCreds.getMechs();

         // Instantiate and initialize a security context that will be
         // established with the server
	      GSSContext context = manager.createContext(name,


	      // Optionally Set Context Options, must be done before iniSecContext call

	      MemoryStream ins = new MemoryStream();
	      MemoryStream outs = new MemoryStream();

	      // loop until context is setup and no more tokens to receive
	      while (!context.isEstablished())
   	      outs = new MemoryStream();
	         context.initSecContext(ins, outs);

	         // send token if present
	         if (outs.Length > 0)
		         Console.WriteLine("Sending token...");

	         // check if we should expect more tokens
	         if (context.isEstablished())

	         // another token expected from peer
	         Console.WriteLine("Still expecting another token from server...");
	         ins = recvToken();

	      // display context information

	      // Did the server authenticate back to client?
	      Console.WriteLine("\n{0} Mutual Authentication", 
	      context.getMutualAuthState() ? "Using" : "Not using");
	      Console.WriteLine("Credentials were delegated = " 
   	      + context.getCredDelegState());
	      Console.WriteLine("Remaining lifetime in seconds = " 
	         + context.getLifetime());
	      Console.WriteLine("Context mechanism = " + context.getMech());
	      Console.WriteLine("Initiator = " + context.getSrcName().toString());
	      Console.WriteLine("Acceptor = " + context.getTargName().toString());
	      Console.WriteLine("Confidentiality (i.e., privacy) is {0}available", 
	      context.getConfState() ? "" : "not ");
	      Console.WriteLine("Integrity is {0}available", 
	      context.getIntegState() ? "" : "not ");
	      Console.WriteLine("Is initiator = " + context.isInitiator());
	      Console.WriteLine("Is transferable = " + context.isTransferable());
	      Console.WriteLine("Is protReady = " + context.isProtReady());
	      Console.WriteLine("ReplayDetState = " + 
	      Console.WriteLine("SequenceDetState = " + 

	      // perform wrap on an application supplied message
	      // using QOP = 0, and requesting privacy service

	      MessageProp msgProp = new MessageProp(0, true);
	      byte [] message = System.Text.Encoding.ASCII.GetBytes("Hello GSS-API!");
	      byte [] token = System.Text.Encoding.ASCII.GetBytes("tok");

	      // Byte aray method is equivalent to stream method
	      //byte []token = context.wrap(message, 0, appMsg.length, msgProp);

	      ins = new MemoryStream();
	      outs = new MemoryStream();
	      ins.Write(token, 0, token.Length);
	      context.getMIC(ins, outs, msgProp);

	      outs = new MemoryStream();
	      outs.Write(message, 0, message.Length);

	      ins = new MemoryStream();
	      outs = new MemoryStream();
	      ins.Write(message, 0, message.Length);
	      context.wrap(ins, outs, msgProp);

         // Optionally export context to another thead
	      GSSContext ctx = manager.createContext(context.export());
	      Console.WriteLine("New context isTransferable = " + ctx.isTransferable());
	      Console.WriteLine("New context isInitiator = " +ctx.isInitiator());
	      Console.WriteLine("New context protReady = " +ctx.isProtReady());
	      Console.WriteLine("New context srcName = " +ctx.getSrcName().toString());
	      Console.WriteLine("New context targName = " +ctx.getTargName().toString());

	      // release the local-end of the context

	   catch (GSSException e)

Expires 10 March 2004