Internet-Draft                                               Jack Kabat
IETF CAT Working Group                                   ValiCert, Inc.
Document: <draft-ietf-cat-gssv2-javabind-01.txt> <draft-ietf-cat-gssv2-javabind-02.txt>        Mayank Upadhyay
                                                 Sun Microsystems, Inc.

         Generic Security Service API Version 2 : Java bindings

Status of this Memo

   This document is an Internet-Draft and is in full conformance with
   all provisions of Section 10 of RFC2026.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as Internet-
   Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet- Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

Abstract

   The Generic Security Services Application Program Interface (GSS-API)
   offers application programmers uniform access to security services
   atop a variety of underlying cryptographic mechanisms. This document
   specifies the Java bindings for GSS-API which is described at a
   language independent conceptual level in RFC 2078 [GSSAPIv2].

   The GSS-API allows a caller application to authenticate a principal
   identity, to delegate rights to a peer, and to apply security
   services such as confidentiality and integrity on a per-message
   basis. Examples of security mechanisms defined for GSS-API are The
   Simple Public-Key GSS-API Mechanism [SPKM] and The Kerberos Version 5
   GSS-API Mechanism [KERBV5].

Table of Contents

   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . 6
   2.  GSS-API Operational Paradigm . . . . . . . . . . . . . . . . 6 7
   3.  GSS-API Classes  . .  Additional Controls  . . . . . . . . . . . . . . . . . . . . 8
   3.1.  GSSCredential class  . . . . . .  Delegation . . . . . . . . . . . . . 8
   3.2.  GSSContext class . . . . . . . . . . . 9
   3.2.  Mutual Authentication  . . . . . . . . . . 9
   3.3.  GSSName class . . . . . . .  10
   3.3.  Replay and Out-of-Sequence Detection . . . . . . . . . .  11
   3.4.  Anonymous Authentication . . . .  10
   3.4.  GSSManager class . . . . . . . . . . . .  11
   3.5.  Confidentiality  . . . . . . . .  11
   3.5.  GSSException class . . . . . . . . . . . .  12
   3.6.  Inter-process Context Transfer . . . . . . .  11
   3.6.  Oid class . . . . . .  13
   3.7.  The Use of Incomplete Contexts . . . . . . . . . . . . .  13
   4.  Calling Conventions  . . . .  11
   3.7.  MessageProp class . . . . . . . . . . . . . . .  14
   4.1.  Package Name . . . .  12
   3.8.  ChannelBinding class . . . . . . . . . . . . . . . . . .  12
   4.  Calling Conventions  14
   4.2.  Provider Framework . . . . . . . . . . . . . . . . . . .  12
   4.1.  14
   4.3.  Integer types  . . . . . . . . . . . . . . . . . . . . .  12
   4.2.  15
   4.4.  Opaque Data types  . . . . . . . . . . . . . . . . . . .  13
   4.3.  15
   4.5.  Strings  . . . . . . . . . . . . . . . . . . . . . . . .  13
   4.4.  15
   4.6.  Object Identifiers . . . . . . . . . . . . . . . . . . .  13
   4.5.  16
   4.7.  Object Identifier Sets . . . . . . . . . . . . . . . . .  13
   4.6.  16
   4.8.  Credentials  . . . . . . . . . . . . . . . . . . . . . .  14
   4.7.  16
   4.9.  Contexts . . . . . . . . . . . . . . . . . . . . . . . .  16
   4.8.  18
   4.10.  Authentication tokens . . . . . . . . . . . . . . . . .  16
   4.9.  19
   4.11.  Interprocess tokens . . . . . . . . . . . . . . . . . .  16
   4.10.  19
   4.12.  Error Reporting . . . . . . . . . . . . . . . . . . . .  17
   4.10.1.  20
   4.12.1.  GSS status codes  . . . . . . . . . . . . . . . . . .  17
   4.10.2.  20
   4.12.2.  Mechanism-specific status codes . . . . . . . . . . .  19
   4.10.3.  22
   4.12.3.  Supplementary status codes  . . . . . . . . . . . . .  20
   4.11.  22
   4.13.  Names . . . . . . . . . . . . . . . . . . . . . . . . .  20
   4.12.  23
   4.14.  Channel Bindings  . . . . . . . . . . . . . . . . . . .  23
   4.13.  26
   4.15.  Stream Objects  . . . . . . . . . . . . . . . . . . . .  24
   4.14.  27
   4.16.  Optional Parameters . . . . . . . . . . . . . . . . . .  24  27
   5.  Additional Controls  GSS Provider's Interface . . . . . . . . . . . . . . . . .  27
   5.1.  GSSFactory interface . .  24
   5.1.  Delegation . . . . . . . . . . . . . . . .  28
   5.2.  IGSSName interface . . . . . . .  26
   5.2.  Mutual Authentication . . . . . . . . . . . .  28
   5.3.  IGSSCredential interface . . . . . .  26
   5.3.  Replay and Out-of-Sequence Detection . . . . . . . . . .  27  29
   5.4.  Anonymous Authentication  IGSSContext interface  . . . . . . . . . . . . . . . .  28
   5.5.  Confidentiality .  30
   6.  GSS Application Programmer's Classes . . . . . . . . . . .  31
   6.1.  GSSManager class . . . . . . . .  29
   5.6.  Inter-process Context Transfer . . . . . . . . . . . .  32
   6.2.  GSSName class  .  29
   5.7.  The Use of Incomplete Contexts . . . . . . . . . . . . .  30
   6.  Detailed GSS-API Class Description . . . . . . .  32
   6.3.  GSSCredential class  . . . . .  30
   6.1.  public class GSSName . . . . . . . . . . . . .  32
   6.4.  GSSContext class . . . . .  30
   6.1.1.  Example Code . . . . . . . . . . . . . . .  32
   6.5.  MessageProp class  . . . . . .  30
   6.1.2.  Class Constants . . . . . . . . . . . . .  33
   6.6.  GSSException class . . . . . .  31
   6.1.3.  Constructors . . . . . . . . . . . . .  33
   6.7.  Oid class  . . . . . . . .  32
   6.1.4.  equals . . . . . . . . . . . . . . .  33
   6.8.  ChannelBinding class . . . . . . . . .  34
   6.1.5.  equals . . . . . . . . .  33
   7.  Detailed GSS-API Class Description . . . . . . . . . . . .  34
   7.1.  public interface GSSFactory  . . .  34
   6.1.6.  canonicalize . . . . . . . . . . .  34
   7.1.1.  createName . . . . . . . . . .  34
   6.1.7.  export . . . . . . . . . . . .  34
   7.1.2.  createName . . . . . . . . . . . .  35
   6.1.8.  toString . . . . . . . . . .  35
   7.1.3.  createName . . . . . . . . . . . . .  35
   6.1.9.  getStringNameType . . . . . . . . .  36
   7.1.4.  createName . . . . . . . . .  35
   6.1.10.  clone . . . . . . . . . . . . .  36
   7.1.5.  createCredential . . . . . . . . . . .  35
   6.1.11.  isAnonymous . . . . . . . .  37
   7.1.6.  createCredential . . . . . . . . . . . . .  35
   6.2.  public class GSSCredential . . . . . .  37
   7.1.7.  createCredential . . . . . . . . .  35
   6.2.1.  Example Code . . . . . . . . . .  38
   7.1.8.  createContext  . . . . . . . . . . .  36
   6.2.2.  Class Constants . . . . . . . . .  38
   7.1.9.  createContext  . . . . . . . . . .  37
   6.2.3.  Constructors . . . . . . . . . .  39
   7.1.10.  createContext . . . . . . . . . . .  37
   6.2.4.  dispose . . . . . . . . .  39
   7.1.11.  getMechs  . . . . . . . . . . . . . .  39
   6.2.5.  getGSSName . . . . . . . .  39
   7.1.12.  getMechsForName . . . . . . . . . . . . . .  39
   6.2.6.  getGSSName . . . . .  40
   7.1.13.  getNamesForMech . . . . . . . . . . . . . . . . .  40
   6.2.7.  getRemainingLifetime . .  40
   7.2.  public interface IGSSName extends java.security.Principal 40
   7.2.1.  Static Constants . . . . . . . . . . . . . . .  40
   6.2.8.  getRemainingInitLifetime . . . .  41
   7.2.2.  equals . . . . . . . . . . .  40
   6.2.9.  getRemainingAcceptLifetime . . . . . . . . . . . . .  42
   7.2.3.  equals .  40
   6.2.10.  getUsage . . . . . . . . . . . . . . . . . . . . . .  41
   6.2.11.  getUsage .  42
   7.2.4.  canonicalize . . . . . . . . . . . . . . . . . . . . .  41
   6.2.12.  getMechs  42
   7.2.5.  export . . . . . . . . . . . . . . . . . . . . . .  41
   6.2.13.  add . .  43
   7.2.6.  toString . . . . . . . . . . . . . . . . . . . . . . .  41
   6.2.14.  equals  43
   7.2.7.  getStringNameType  . . . . . . . . . . . . . . . . . .  43
   7.2.8.  isAnonymous  . . . . .  42
   6.3.  public class GSSContext . . . . . . . . . . . . . . . .  43
   6.3.1.  Example Code
   7.2.9.  isMN . . . . . . . . . . . . . . . . . . . . . . . . .  44
   6.3.2.  Class
   7.3.  public interface IGSSCredential implements Cloneable . .  44
   7.3.1.  Static Constants . . . . . . . . . . . . . . . . . . .  45
   6.3.3.  Constructors
   7.3.2.  dispose  . . . . . . . . . . . . . . . . . . . . .  46
   6.3.4.  init . .  45
   7.3.3.  getName  . . . . . . . . . . . . . . . . . . . . . . .  47
   6.3.4.1.  Example Code  45
   7.3.4.  getName  . . . . . . . . . . . . . . . . . . . .  47
   6.3.5.  init . . .  46
   7.3.5.  getRemainingLifetime . . . . . . . . . . . . . . . . .  46
   7.3.6.  getRemainingInitLifetime . . . . .  48
   6.3.5.1.  Example Code . . . . . . . . . .  46
   7.3.7.  getRemainingAcceptLifetime . . . . . . . . . .  49
   6.3.6.  accept . . . .  46
   7.3.8.  getUsage . . . . . . . . . . . . . . . . . . . .  50
   6.3.6.1.  Example Code . . .  47
   7.3.9.  getUsage . . . . . . . . . . . . . . . . .  50
   6.3.7.  accept . . . . . .  47
   7.3.10.  getMechs  . . . . . . . . . . . . . . . . . .  51
   6.3.7.1.  Example Code . . . .  47
   7.3.11.  add . . . . . . . . . . . . . . . .  52
   6.3.8.  isEstablished . . . . . . . . .  47
   7.3.12.  equals  . . . . . . . . . . .  52
   6.3.9.  dispose . . . . . . . . . . . .  48
   7.4.  public interface IGSSContext . . . . . . . . . . .  52
   6.3.10.  getWrapSizeLimit . . .  49
   7.4.1.  Static Constants . . . . . . . . . . . . . . .  53
   6.3.11.  wrap . . . .  50
   7.4.2.  initSecContext . . . . . . . . . . . . . . . . . . . .  53
   6.3.12.  wrap  50
   7.4.2.1.  Example Code . . . . . . . . . . . . . . . . . . . .  51
   7.4.3.  initSecContext . . . .  54
   6.3.13.  unwrap . . . . . . . . . . . . . . . .  51
   7.4.3.1.  Example Code . . . . . . .  55
   6.3.14.  unwrap . . . . . . . . . . . . .  52
   7.4.4.  acceptSecContext . . . . . . . . . .  56
   6.3.15.  getMIC . . . . . . . . .  53
   7.4.4.1.  Example Code . . . . . . . . . . . . . .  56
   6.3.16.  getMIC . . . . . .  54
   7.4.5.  acceptSecContext . . . . . . . . . . . . . . . . .  57
   6.3.17.  verifyMIC . .  54
   7.4.5.1.  Example Code . . . . . . . . . . . . . . . . . . . .  57
   6.3.18.  verifyMIC  55
   7.4.6.  isEstablished  . . . . . . . . . . . . . . . . . . . .  56
   7.4.7.  dispose  . .  58
   6.3.19.  export . . . . . . . . . . . . . . . . . . . . .  56
   7.4.8.  getWrapSizeLimit . .  59
   6.3.20.  requestMutualAuth . . . . . . . . . . . . . . . . .  56
   7.4.9.  wrap .  60
   6.3.21.  requestReplayDet . . . . . . . . . . . . . . . . . .  60
   6.3.22.  requestSequenceDet . . . . . .  57
   7.4.10.  wrap  . . . . . . . . . . .  60
   6.3.23.  requestCredDeleg . . . . . . . . . . . . .  58
   7.4.11.  unwrap  . . . . .  60
   6.3.24.  requestAnonymity . . . . . . . . . . . . . . . . . .  61
   6.3.25.  requestConf  59
   7.4.12.  unwrap  . . . . . . . . . . . . . . . . . . . . .  61
   6.3.26.  requestInteg . .  59
   7.4.13.  getMIC  . . . . . . . . . . . . . . . . . .  61
   6.3.27.  requestLifetime . . . . .  60
   7.4.14.  getMIC  . . . . . . . . . . . . . .  62
   6.3.28.  setChannelBinding . . . . . . . . .  61
   7.4.15.  verifyMIC . . . . . . . . .  62
   6.3.29.  getCredDelegState . . . . . . . . . . . . .  61
   7.4.16.  verifyMIC . . . . .  62
   6.3.30.  getMutualAuthState . . . . . . . . . . . . . . . . .  62
   6.3.31.  getReplayDetState
   7.4.17.  export  . . . . . . . . . . . . . . . . . .  63
   6.3.32.  getSequenceDetState . . . . .  63
   7.4.18.  requestMutualAuth . . . . . . . . . . . .  63
   6.3.33.  getAnonymityState . . . . . .  64
   7.4.19.  requestReplayDet  . . . . . . . . . . . .  63
   6.3.34.  isTransferable . . . . . .  64
   7.4.20.  requestSequenceDet  . . . . . . . . . . . . .  63
   6.3.35.  isProtReady . . . .  64
   7.4.21.  requestCredDeleg  . . . . . . . . . . . . . . . . .  63
   6.3.36.  getConfState .  65
   7.4.22.  requestAnonymity  . . . . . . . . . . . . . . . . . .  65
   7.4.23.  requestConf .  64
   6.3.37.  getIntegState . . . . . . . . . . . . . . . . . . . .  64
   6.3.38.  getLifetime  65
   7.4.24.  requestInteg  . . . . . . . . . . . . . . . . . . . .  66
   7.4.25.  requestLifetime .  64
   6.3.39.  getSrcName . . . . . . . . . . . . . . . . . .  66
   7.4.26.  setChannelBinding . . .  64
   6.3.40.  getTargName . . . . . . . . . . . . . . .  66
   7.4.27.  getCredDelegState . . . . . .  64
   6.3.41.  getMech . . . . . . . . . . . .  66
   7.4.28.  getMutualAuthState  . . . . . . . . . . .  65
   6.3.42.  getDelegCred . . . . . .  67
   7.4.29.  getReplayDetState . . . . . . . . . . . . . .  65
   6.3.43.  isInitiator . . . .  67
   7.4.30.  getSequenceDetState . . . . . . . . . . . . . . . . .  65
   6.4.  public class MessageProp  67
   7.4.31.  getAnonymityState . . . . . . . . . . . . . . . .  65
   6.4.1.  Constructors . .  67
   7.4.32.  isTransferable  . . . . . . . . . . . . . . . . . . .  66
   6.4.2.  getQOP  67
   7.4.33.  isProtReady . . . . . . . . . . . . . . . . . . . . .  68
   7.4.34.  getConfState  . . . . .  66
   6.4.3.  getPrivacy . . . . . . . . . . . . . . .  68
   7.4.35.  getIntegState . . . . . . .  66
   6.4.4.  setQOP . . . . . . . . . . . . .  68
   7.4.36.  getLifetime . . . . . . . . . . .  66
   6.4.5.  setPrivacy . . . . . . . . . .  68
   7.4.37.  getSrcName  . . . . . . . . . . . .  67
   6.4.6.  isDuplicateToken . . . . . . . . .  68
   7.4.38.  getTargName . . . . . . . . . .  67
   6.4.7.  isOldToken . . . . . . . . . . .  69
   7.4.39.  getMech . . . . . . . . . . .  67
   6.4.8.  isUnseqToken . . . . . . . . . . . .  69
   7.4.40.  getDelegCred  . . . . . . . . .  67
   6.4.9.  isGapToken . . . . . . . . . . .  69
   7.4.41.  isInitiator . . . . . . . . . . .  67
   6.5. . . . . . . . . . .  69
   7.5.  public class GSSManager MessageProp . . . . . . . . . . . . . . . .  67
   6.5.1.  getMechs  69
   7.5.1.  Constructors . . . . . . . . . . . . . . . . . . . . .  70
   7.5.2.  getQOP . .  68
   6.5.2.  getNamesForMech . . . . . . . . . . . . . . . . . . .  68
   6.5.3.  getMechsForName . . .  70
   7.5.3.  getPrivacy . . . . . . . . . . . . . . . .  68
   6.5.4.  getDefaultMech . . . . . .  70
   7.5.4.  setQOP . . . . . . . . . . . . . .  68
   6.6.  public class ChannelBinding . . . . . . . . . .  71
   7.5.5.  setPrivacy . . . .  68
   6.6.1.  Constructors . . . . . . . . . . . . . . . . . .  71
   7.5.6.  isDuplicateToken . . .  69
   6.6.2.  getInitiatorAddress . . . . . . . . . . . . . . . .  71
   7.5.7.  isOldToken . .  70
   6.6.3.  getAcceptorAddress . . . . . . . . . . . . . . . . . .  70
   6.6.4.  getApplicationData . .  71
   7.5.8.  isUnseqToken . . . . . . . . . . . . . . . .  70
   6.6.5.  equals . . . . .  71
   7.5.9.  isGapToken . . . . . . . . . . . . . . . . . . .  70
   6.7. . . .  72
   7.5.10.  setSupplementaryStates  . . . . . . . . . . . . . . .  72
   7.6.  public class Oid ChannelBinding  . . . . . . . . . . . . . .  72
   7.6.1.  Constructors . . . . . .  70
   6.7.1.  Constructors . . . . . . . . . . . . . . .  73
   7.6.2.  getInitiatorAddress  . . . . . .  71
   6.7.2.  toString . . . . . . . . . . .  73
   7.6.3.  getAcceptorAddress . . . . . . . . . . . .  71
   6.7.3.  toRFC2078String . . . . . .  74
   7.6.4.  getApplicationData . . . . . . . . . . . . .  72
   6.7.4.  equals . . . . .  74
   7.6.5.  equals . . . . . . . . . . . . . . . . . . .  72
   6.7.5.  getDER . . . . .  74
   7.7.  public class Oid . . . . . . . . . . . . . . . . . . .  72
   6.7.6.  containedIn .  74
   7.7.1.  Constructors . . . . . . . . . . . . . . . . . . . .  72
   6.8.  public class GSSException extends Exception .  75
   7.7.2.  toString . . . . .  72
   6.8.1.  Class Constants . . . . . . . . . . . . . . . . . .  75
   7.7.3.  equals . . .  73
   6.8.2.  Constructors . . . . . . . . . . . . . . . . . . . . .  75
   6.8.3.  getMajor
   7.7.4.  getDER . . . . . . . . . . . . . . . . . . . . . . . .  76
   6.8.4.  getMinor
   7.7.5.  containedIn  . . . . . . . . . . . . . . . . . . . . .  76
   7.8.  public class GSSException extends Exception  . .  76
   6.8.5.  getMajorString . . . .  76
   7.8.1.  Static Constants . . . . . . . . . . . . . . . . . . .  76
   6.8.6.  getMinorString
   7.8.2.  Constructors . . . . . . . . . . . . . . . . . . . .  77
   6.8.7.  setMinor .  79
   7.8.3.  getMajor . . . . . . . . . . . . . . . . . . . . . .  77
   6.8.8.  toString .  80
   7.8.4.  getMinor . . . . . . . . . . . . . . . . . . . . . .  77
   6.8.9.  getMessage .  80
   7.8.5.  getMajorString . . . . . . . . . . . . . . . . . . . .  80
   7.8.6.  getMinorString .  77
   7.  Acknowledgments . . . . . . . . . . . . . . . . . . .  80
   7.8.7.  setMinor . .  77
   8.  Bibliography . . . . . . . . . . . . . . . . . . . . .  81
   7.8.8.  toString . .  79
   9.  Author's Address . . . . . . . . . . . . . . . . . . . . .  80

1.  Introduction

   This document specifies Java language bindings for the Generic
   Security Services Application Programming Interface (GSS-API) Version
   2. GSS-API Version 2 is described in a language independent format in
   RFC 2078 [GSSAPIv2]. The  81
   7.8.9.  getMessage . . . . . . . . . . . . . . . . . . . . . .  81
   7.9.  public abstract class GSSManager . . . . . . . . . . . .  81
   7.9.1.  Example  . . . . . . . . . . . . . . . . . . . . . . .  82
   7.9.2.  setDefaultProvider . . . . . . . . . . . . . . . . . .  82
   7.9.3.  getDefaultProvider . . . . . . . . . . . . . . . . . .  83
   7.9.4.  getMechs . . . . . . . . . . . . . . . . . . . . . . .  83
   7.9.5.  getNamesForMech  . . . . . . . . . . . . . . . . . . .  83
   7.9.6.  getMechsForName  . . . . . . . . . . . . . . . . . . .  83
   7.9.7.  getProviderFromToken . . . . . . . . . . . . . . . . .  84
   7.9.8.  getProviderForMechanism  . . . . . . . . . . . . . . .  84
   7.10.  public class GSSName implements IGSSName  . . . . . . .  85
   7.10.1.  Example . . . . . . . . . . . . . . . . . . . . . . .  86
   7.10.2.  Constructors  . . . . . . . . . . . . . . . . . . . .  87
   7.10.3.  getProvider . . . . . . . . . . . . . . . . . . . . .  89
   7.11.  public class GSSCredential implements IGSSCredential  .  89
   7.11.1.  Example . . . . . . . . . . . . . . . . . . . . . . .  90
   7.11.2.  Constructors  . . . . . . . . . . . . . . . . . . . .  91
   7.11.3.  getProvider . . . . . . . . . . . . . . . . . . . . .  93
   7.12.  public class GSSContext implements IGSSContext  . . . .  93
   7.12.1.  Example . . . . . . . . . . . . . . . . . . . . . . .  96
   7.12.2.  Constructors  . . . . . . . . . . . . . . . . . . . .  97
   7.12.3.  getProvider . . . . . . . . . . . . . . . . . . . . .  99
   8.  Sample Applications  . . . . . . . . . . . . . . . . . . .  99
   8.1.  Simple GSS Context Initiator . . . . . . . . . . . . . .  100
   8.2.  GSS Context Acceptor Using Multiple Providers  . . . . .  104
   8.3.  GSS Context Initiator Using the Provider Factory Directly 108
   9.  Acknowledgments  . . . . . . . . . . . . . . . . . . . . .  112
   10.  Bibliography  . . . . . . . . . . . . . . . . . . . . . .  114
   11.  Author's Address  . . . . . . . . . . . . . . . . . . . .  115

1.  Introduction

   This document specifies Java language bindings for the Generic
   Security Services Application Programming Interface (GSS-API) Version
   2. GSS-API Version 2 is described in a language independent format in
   RFC 2078 [GSSAPIv2]. The GSS-API allows a caller application to
   authenticate a principal identity, to delegate rights to a peer, and
   to apply security services such as confidentiality and integrity on a
   per-message basis.

   This document leverages the work performed by the WG in the area of
   RFC 2078 [GSSAPIv2] the C-bindings draft [GSSAPI-C].  Whenever
   appropriate, text has been used from the C-bindings document to
   explain generic concepts and provide direction to the implementors.

   The design goals of this API have been to satisfy all the
   functionality defined in RFC 2078 and to provide these services in an
   object oriented method.  The specification also aims to satisfy the
   needs of both types of Java application developers, those who would
   like access to a "system-wide" GSS-API implementation, as well as
   those who would want to provide their own "custom" implementation.

   A "system-wide" implementation is one that is available to all
   applications in the form of a library package.  It may be a standard
   package in the Java runtime environment (JRE) being used or it may be
   additionally installed and accessible to any application via the
   CLASSPATH.

   A "custom" implementation of the GSS-API, on the other hand, is one
   that would, in most cases, be bundled with the application during
   distribution.  It is expected that such an implementation would be
   meant to provide for some particular need of the application, such as
   support for some specific mechanism.

   The design of this API also aims to allow applications to add to and
   choose between GSS-API implementations at runtime.  Key elements from
   one implementation may be added to the remaining framework from
   another implementation ("system-wide") to support new mechanisms with
   minimum addition of binaries.  This is particularly useful to applet
   developers who need flexibility in choice but prefer to remain
   lightweight.

   Lastly, this specification presents an API that will naturally fit
   within the operation environment of the Java platform.  Readers are
   assumed to be familiar with both the GSS-API and the Java platform.

2.  GSS-API Operational Paradigm

   The Generic Security Service Application Programming Interface
   [GSSAPIv2] defines a generic security API to calling applications.
   It allows a communicating application to authenticate the user
   associated with another application, to delegate rights to another
   application, and to apply security services such as confidentiality
   and integrity on a per-message basis.

        There are four stages to using GSS-API:

        1)   The application acquires a set of credentials with which it
             may prove its identity to other processes.  The
             application's credentials vouch for its global identity,
             which may or may not be related to any local username under
             which it may be running.

        2)   A pair of communicating applications establish a joint
             security context using their credentials.  The security
             context encapsulates shared state information, which is
             required in order that per-message security services may be
             provided.  Examples of state information that might be
             shared between applications as part of a security context
             are cryptographic keys, and message sequence numbers.  As
             part of the establishment of  a security context, the
             context initiator is authenticated to the responder, and
             may require that the responder is authenticated back to the
             initiator.  The initiator may optionally give the responder
             the right to initiate further security contexts, acting as
             an agent or delegate of the initiator.  This transfer of
             rights is termed "delegation", and is achieved by creating
             a set of credentials, similar to those used by the
             initiating application, but which may be used by the
             responder.

             A GSSContext object is used to establish and maintain the
             shared information that makes up the security context.
             (Please note that for the purposes of this discussion,
             GSSContext and IGSSContext are used interchangeably).
             Certain GSSContext methods will generate a token, which
             applications treat as cryptographically protected, opaque
             data.  The caller of such GSSContext method is responsible
             for transferring the token to the peer application,
             encapsulated if necessary in an application-to-application
             protocol.  On receipt of such a token, the peer application
             should pass it to a corresponding GSSContext method which
             will decode the token and extract the information, updating
             the security context state information accordingly.

        3)   Per-message services are invoked on a GSSContext object to
             apply either:

                  integrity and data origin authentication, or

                  confidentiality, integrity and data origin
                  authentication

             to application data, which are treated by GSS-API as
             arbitrary octet-strings.  An application transmitting a
             message that it wishes to protect will call the appropriate
             GSSContext method (getMIC or wrap) to apply protection, and
             send the resulting token to the receiving application.  The
             receiver will pass the received token (and, in the case of
             data protected by getMIC, the accompanying message-data) to
             the corresponding decoding method of the GSSContext class
             (verifyMIC or unwrap) to remove the protection and validate
             the data.

        4)   At the completion of a communications session (which may
             extend across several transport connections), each
             application uses a GSSContext method to invalidate the
             security context and release any system or cryptographic
             resources held.  Multiple contexts may also be used (either
             successively or simultaneously) within a single
             communications association, at the discretion of the
             applications.

3.  Additional Controls

   This section discusses the optional services that a context initiator
   may request of the GSS-API before the context establishment.  Each of
   these services is requested by calling the appropriate mutator method
   in the GSSContext object before the first call to init is performed.
   Only the context initiator can request context flags.

   The optional services defined are:

   Delegation
        The (usually temporary) transfer of rights from initiator to
        acceptor, enabling the acceptor to authenticate itself as an
        agent of the initiator.

   Mutual Authentication
        In addition to the initiator authenticating its identity to the
        context acceptor, the context acceptor should also authenticate
        itself to the initiator.

   Replay Detection
        In addition to providing message integrity services, GSSContext
        per-message operations of getMIC and wrap should include message
        numbering information  to enable verifyMIC and unwrap to detect
        if a message has been duplicated.

   Out-of-Sequence Detection
        In addition to providing message integrity services, GSSContext
        per-message operations  (getMIC and wrap) should include message
        sequencing information to enable verifyMIC and unwrap to detect
        if a message has been received out of sequence.

   Anonymous Authentication
        The establishment of the security context should not reveal the
        initiator's identity to the context acceptor.

   Some mechanisms may not support all optional services, and some
   mechanisms may only support some services in conjunction with others.
   The GSSContext class offers query methods to allow the verification
   by the calling application of which services will be available from
   the context when the establishment phase is complete.  In general, if
   the security mechanism is capable of providing a requested service,
   it should do so even if additional services must be enabled in order
   to provide the requested service.  If the mechanism is incapable of
   providing a requested service, it should proceed without the service
   leaving the application to abort the context establishment process if
   it considers the requested service to be mandatory.

   Some mechanisms may specify that support for some services is
   optional, and that implementors of the mechanism need not provide it.
   This is most commonly true of the confidentiality service, often
   because of legal restrictions on the use of data-encryption, but may
   apply to any of the services.  Such mechanisms are required to send
   at least one token from acceptor to initiator during context
   establishment when the initiator indicates a desire to use such a
   service, so that the initiating GSS-API can correctly indicate
   whether the service is supported by the acceptor's GSS-API.

3.1.  Delegation

   The GSS-API allows delegation to be controlled by the initiating
   application via the requestCredDeleg method before the first call to
   init has been issued.  Some mechanisms do not support delegation, and
   for such mechanisms attempts by an application to enable delegation
   are ignored.

   The acceptor of a security context, for which the initiator enabled
   delegation, can check if delegation was enabled by using the
   getCredDelegState method of the GSSContext class.  In cases when it
   is, the delegated credential object can be obtained by calling the
   getDelegCred method.  The obtained IGSSCredential object may then be
   used to initiate subsequent GSS-API security contexts as an agent or
   delegate of the initiator.  (Please note that for the purposes of
   this discussion GSSCredential and IGSSCredential are used
   interchangeably.)  If the original initiator's identity is "A" and
   the delegate's identity is "B", then, depending on the underlying
   mechanism, the identity embodied by the delegated credential may be
   either "A" or "B acting for A".

   For many mechanisms that support delegation, a simple boolean does
   not provide enough control.  Examples of additional aspects of
   delegation control that a mechanism might provide to an application
   are duration of delegation, network addresses from which delegation
   is valid, and constraints on the tasks that may be performed by a
   delegate.  Such controls are presently outside the scope of the GSS-
   API.  GSS-API implementations supporting mechanisms offering
   additional controls should provide extension routines that allow
   these controls to be exercised (perhaps by modifying the initiator's
   GSS-API credential object prior to its use in establishing a
   context).  However, the simple delegation control provided by GSS-API
   should always be able to over-ride other mechanism-specific
   delegation controls.  If the application instructs the GSSContext
   object that delegation is not desired, then the implementation must
   not permit delegation to occur.  This is an exception to the general
   rule that a mechanism may enable services even if they are not
   requested - delegation may only be provided at the explicit request
   of the application.

3.2.  Mutual Authentication

   Usually, a context acceptor will require that a context initiator
   authenticate itself so that the acceptor may make an access-control
   decision prior to performing a service for the initiator.  In some
   cases, the initiator may also request that the acceptor authenticate
   itself.  GSS-API allows the initiating application to request this
   mutual authentication service by calling the requestMutualAuth method
   of the GSSContext class with a "true" parameter before making the
   first call to init.  The initiating application is informed as to
   whether or not the context acceptor has authenticated itself.  Note
   that some mechanisms may not support mutual authentication, and other
   mechanisms may always perform mutual authentication, whether or not
   the initiating application requests it.  In particular, mutual
   authentication may be required by some mechanisms in order to support
   replay or out-of-sequence message detection, and for such mechanisms
   a request for either of these services will automatically enable
   mutual authentication.

3.3.  Replay and Out-of-Sequence Detection

   The GSS-API may provide detection of mis-ordered messages once a
   security context has been established.  Protection may be applied to
   messages by either application, by calling either getMIC or wrap
   methods of the GSSContext class, and verified by the peer application
   by calling verifyMIC or unwrap for the peer's GSSContext object.

   The getMIC method calculates a cryptographic checksum of an
   application message, and returns that checksum in a token.  The
   application should pass both the token and the message to the peer
   application, which presents them to the verifyMIC method of the
   peer's GSSContext object.

   The wrap method calculates a cryptographic checksum of an application
   message, and places both the checksum and the message inside a single
   token.  The application should pass the token to the peer
   application, which presents it to the unwrap method of the peer's
   GSSContext object to extract the message and verify the checksum.

   Either pair of routines may be capable of detecting out-of-sequence
   message delivery, or duplication of messages.  Details of such mis-
   ordered messages are indicated through supplementary query methods of
   the MessageProp object that is filled in by each of these routines.

   A mechanism need not maintain a list of all tokens that have been
   processed in order to support these status codes.  A typical
   mechanism might retain information about only the most recent "N"
   tokens processed, allowing it to distinguish duplicates and missing
   tokens within the most recent "N" messages; the receipt of a token
   older than the most recent "N" would result in the isOldToken method
   of the instance of MessageProp to return "true".

3.4.  Anonymous Authentication

   In certain situations, an application may wish to initiate the
   authentication process to authenticate a peer, without revealing its
   own identity.  As an example, consider an application providing
   access to a database containing medical information, and offering
   unrestricted access to the service.  A client of such a service might
   wish to authenticate the service (in order to establish trust in any
   information retrieved from it), but might not wish the service to be
   able to obtain the client's identity (perhaps due to privacy concerns
   about the specific inquiries, or perhaps simply to avoid being placed
   on mailing-lists).

   In normal use of the GSS-API, the initiator's identity is made
   available to the acceptor as a result of the context establishment
   process.  However, context initiators may request that their identity
   not be revealed to the context acceptor.  Many mechanisms do not
   support anonymous authentication, and for such mechanisms the request
   will not be honored.  An authentication token will still be
   generated, but the application is always informed if a requested
   service is unavailable, and has the option to abort context
   establishment if anonymity is valued above the other security
   services that would require a context to be established.

   In addition to informing the application that a context is
   established anonymously (via the isAnonymous method of the GSSContext
   class), the getSrcName method of the acceptor's GSSContext object
   will, for such contexts, return a reserved internal-form name,
   defined by the implementation.

   The toString method for a GSSName object representing an anonymous
   entity will return a printable name.  (Please note that for the
   purposes of this discussion GSSName and IGSSName are used
   interchangeably.)  The returned value will be syntactically
   distinguishable from any valid principal name supported by the
   implementation.  The associated name-type object identifier will be
   an oid representing the value of NT_ANONYMOUS.  This name-type oid
   will be defined as a public, static Oid object of the GSSName class.
   The printable form of an anonymous name should be chosen such that it
   implies anonymity, since this name may appear in, for example, audit
   logs.  For example, the string "<anonymous>" might be a good choice,
   if no valid printable names supported by the implementation can begin
   with "<" and end with ">".

   When using the equal method of the GSSName class, and one of the
   operands is a GSSName instance representing an anonymous entity, the
   method must return "false".

3.5.  Confidentiality

   If a GSSContext supports the confidentiality service, wrap method may
   be used to encrypt application messages.  Messages are selectively
   encrypted, under the control of the setPrivacy method of the
   MessageProp object used in the wrap method.

3.6.  Inter-process Context Transfer

   GSS-API V2 provides functionality which allows a security context to
   be transferred between processes on a single machine.  These are
   implemented using the export method of GSSContext and a byte array
   constructor of the same class.  The most common use for such a
   feature is a client-server design where the server is implemented as
   a single process that accepts incoming security contexts, which then
   launches child processes to deal with the data on these contexts.  In
   such a design, the child processes must have access to the security
   context object created within the parent so that they can use per-
   message protection services and delete the security context when the
   communication session ends.

   Since the security context data structure is expected to contain
   sequencing information, it is impractical in general to share a
   context between processes.  Thus GSSContext class provides an export
   method that the process, which currently owns the context, can call
   to declare that it has no intention to use the context subsequently,
   and to create an inter-process token containing information needed by
   the adopting process to successfully re-create the context.  After
   successful completion of export, the original security context is
   made inaccessible to the calling process by GSS-API allows and any further
   usage of this object will result in failures.  The originating
   process transfers the inter-process token to the adopting process,
   which creates a new GSSContext object using the byte array
   constructor.  The properties of the context are equivalent to that of
   the original context.

   The inter-process token may contain sensitive data from the original
   security context (including cryptographic keys).  Applications using
   inter-process tokens to transfer security contexts must take
   appropriate steps to protect these tokens in transit.

   Implementations are not required to support the inter-process
   transfer of security contexts.  Calling the isTransferable method of
   the GSSContext class will indicate if the context object is
   transferable.

3.7.  The Use of Incomplete Contexts

   Some mechanisms may allow the per-message services to be used before
   the context establishment process is complete.  For example, a
   mechanism may include sufficient information in its initial context-
   level tokens for the context acceptor to immediately decode messages
   protected with wrap or getMIC.  For such a caller mechanism, the initiating
   application need not wait until subsequent context-level tokens have
   been sent and received before invoking the per-message protection
   services.

   An application can invoke the isProtReady method of the GSSContext
   class to
   authenticate determine if the per-message services are available in
   advance of complete context establishment.  Applications wishing to
   use per-message protection services on partially-established contexts
   should query this method before attempting to invoke wrap or getMIC.

4.  Calling Conventions

   Java provides the implementors with not just a principal identity, syntax for the
   language, but also an operational environment.  For example, memory
   is automatically managed and does not require application
   intervention.  These language features have allowed for a simpler API
   and have led to delegate rights the elimination of certain GSS-API functions.

   Moreover, the Java security libraries contain a provider architecture
   that allows applications to be independent of the implementations of
   the security API's they use.  Using this model, applications can
   seamlessly switch between different implementations at runtime in
   order to get support for different mechanisms.

4.1.  Package Name

   The classes and interfaces defined in this document reside in the
   package called "org.ietf.JGSS".  Applications that wish to make use
   of this API should import this package name as shows in section 8.

   GSS-API implementors will have their implementation specific classes
   that are not defined in this document reside in other packages.  The
   GSSManager class insulates the user from knowledge of these provider
   specific packages.

4.2.  Provider Framework

   The Java security API's use a provider architecture that allows
   applications to be implementation independent.  The
   java.security.Provider class is an abstract class that a vendor
   extends.  This class maps various properties that represent different
   security services to the names of the actual vendor classes that
   implement those services.  When requesting a peer, and
   to apply security services such as confidentiality service, an application
   simply specifies the desired provider and integrity on a
   per-message basis.

   This document leverages on the work performed by API classes delegate
   the WG in request to the area appropriate provider class.

   Providers of RFC 2078 [GSSAPIv2] the C-bindings draft [GSSAPI-C].  Whenever
   appropriate, text has been used from Java GSS-API should map the C-bindings document to
   explain generic concepts and provide direction property
   "org.ietf.JGSS.GSSFactory" to the implementors.

   The design goals fully qualified name of their
   implementation of this API have been to satisfy all the
   functionality defined GSSFactory class.  As explained later in RFC 2078
   section 4.1 this class is the bootstrapping class for every GSS
   provider and will allow the framework to obtain references to provide these services in an
   object oriented method.  Further, the specification presents an API
   other classes that will naturally fit within encapsulate the operation environment GSS services.

   Using the Java security provider model insulates applications from
   implementation details of the providers they wish to use.  The
   benefits of this approach are that applications can switch between
   providers transparently and new providers can be added as needed.
   Binary compatibility is maintained and applications can switch
   providers even at runtime.  The providers  themselves can change
   their implementation without having existing applications break.

4.3.  Integer types

   All numeric values are declared as "int" primitive Java
   platform.  Readers type.  The
   Java specification guarantees that this will be a 32 bit two's
   complement signed number.

   Throughout this API, the "boolean" primitive Java type is used
   wherever a boolean value is required or returned.

4.4.  Opaque Data types

   Java byte arrays are assumed used to represent opaque data types which are
   consumed and produced by the GSS-API in the forms of tokens.  Java
   arrays contain a length field which enables the users to be familiar with both easily
   determine their size.  The language has automatic garbage collection
   which alleviates the GSS-API need by developers to release memory and the Java platform.

2.  GSS-API Operational Paradigm
   simplifies buffer ownership issues.

4.5.  Strings

   The Generic Security Service Application Programming Interface
   [GSSAPIv2] defines a generic security API String object will be used to calling applications.
   It represent all textual data.  The
   Java String object, transparently treats all characters as two-byte
   Unicode characters which allows a communicating application to authenticate support for many locals.  All
   routines returning or accepting textual data will use the user
   associated with another application, to delegate rights String
   object.

4.6.  Object Identifiers

   An Oid object will be used to another
   application, and represent Universal Object Identifiers
   (Oids).  Oids are ISO-defined, hierarchically globally-interpretable
   identifiers used within the GSS-API framework to apply identify security services such as confidentiality
   mechanisms and integrity on a per-message basis.

        There are four stages to using GSS-API:

        1) name formats.  The application acquires Oid object can be created from a set
   string representation of credentials with which it
             may prove its identity to other processes. The
             application's credentials vouch for dot notation (e.g. "1.3.6.1.5.6.2") as
   well as from its global identity,
             which may or may not be related ASN.1 DER encoding.  Methods are also provided to any local username under
             which it may be running.

        2)   A pair
   test equality and provide the DER representation for the object.

   An important feature of communicating applications establish a joint
             security context using their credentials.  The security
             context encapsulates shared state information, which the Oid class is
             required in order that per-message security services may be
             provided.  Examples its instances are
   immutable - i.e.  there are no methods defined that allow one to
   change the contents of state information that might an Oid.  This property allows one to treat
   these objects as "statics" without the need to perform copies.

   Certain routines allow the usage of a default oid.  A "null" value
   can be
             shared between applications used in those cases.

4.7.  Object Identifier Sets

   The Java bindings represents object identifiers sets as part arrays of Oid
   objects.  All Java arrays contain a security context
             are cryptographic keys, length field which allows for
   easy manipulation and message sequence numbers.  As
             part reference.

   In order to support the full functionality of RFC 2078, the establishment Oid class
   includes a method which checks for existence of an Oid object within
   a security context, the
             context initiator specified array.  This is authenticated equivalent in functionality to the responder,
   gss_test_oid_set_member.  The use of Java arrays and
             may require that the responder is authenticated back to Java's automatic
   garbage collection has eliminated the
             initiator.  The initiator may optionally give need for the responder following
   routines: gss_create_empty_oid_set, gss_release_oid_set, and
   gss_add_oid_set_member.  Java GSS-API implementations will not
   contain them.  Java's automatic garbage collection and the right to initiate further security contexts, acting as
             an agent or delegate immutable
   property of the initiator.  This transfer Oid object eliminates the complicated memory
   management issues of
             rights is termed "delegation", and the C counterpart.

   When ever a default value for an Object Identifier Set is achieved by creating required, a set of credentials, similar to those used by the
             initiating application, but which may
   "null" value can be used used.  Please consult the detailed method
   description for details.

4.8.  Credentials

   GSS-API credentials are represented by the
             responder.

             A GSSContext object is used GSSCredential interface.
   The interface contains several constructs to establish allow for the creation
   of most common credential objects for the initiator and maintain the
             shared information that makes up acceptor.
   Comparisons are performed using the security context.
             Certain GSSContext methods will generate a token, which
             applications treat as cryptographically protected, opaque
             data. interface's "equals" method.  The caller
   following general description of such GSSContext method GSS-API credentials is responsible
             for transferring the token to included from
   the peer application,
             encapsulated if necessary in an application-to-application
             protocol.  On receipt C-bindings specification:

   GSS-API credentials can contain mechanism-specific principal
   authentication data for multiple mechanisms.  A GSS-API credential is
   composed of such a token, the peer application
             should pass it set of credential-elements, each of which is applicable
   to a corresponding GSSContext method which
             will decode the token and extract the information, updating single mechanism.  A credential may contain at most one
   credential-element for each supported mechanism.  A credential-
   element identifies the security context state information accordingly.

        3)   Per-message services are invoked on data needed by a GSSContext object single mechanism to
             apply either:

                  integrity and data origin authentication, or

                  confidentiality, integrity
   authenticate a single principal, and data origin conceptually contains two
   credential-references that describe the actual mechanism-specific
   authentication

             to application data, which are treated one to be used by GSS-API as
             arbitrary octet-strings.  An application transmitting a
             message that it wishes to protect will call the appropriate
             GSSContext method (getMIC or wrap) for initiating
   contexts,  and one to apply protection, be used for accepting contexts.  For mechanisms
   that do not distinguish between acceptor and
             send the resulting token initiator credentials,
   both references would point to the receiving application. The
             receiver will pass the received token (and, in the case same underlying mechanism-specific
   authentication data.

   Credentials describe a set of
             data protected by getMIC, mechanism-specific principals, and give
   their holder the accompanying message-data) ability to
             the corresponding decoding method act as any of the GSSContext class
             (verifyMIC or unwrap) those principals.  All
   principal identities asserted by a single GSS-API credential should
   belong to remove the protection and validate same entity, although enforcement of this property is
   an implementation-specific matter.  A single IGSSCredential object
   represents all the data.

        4)   At credential elements that have been acquired.

   The creation's of an IGSSContext object allows the completion value of "null" to
   be specified as the IGSSCredential input parameter.  This will
   indicate a communications session (which may
             extend across several transport connections), each desire by the application uses to act as a GSSContext method default principal.
   While individual GSS-API implementations are free to determine such
   default behavior as appropriate to invalidate the
             security context and release any system or cryptographic
             resources held.  Multiple contexts may also be used (either
             successively or simultaneously) within a single
             communications association, at mechanism, the discretion following
   default behavior by these routines is recommended for portability:

        For the initiator side of the
             applications.

3.  GSS-API Classes

   This section presents context:

        1)   If there is only a brief description single principal capable of initiating
             security contexts for the classes comprising chosen mechanism that the GSS-API class library and
             application is authorized to act on behalf of, then that
             principal shall be used, otherwise

        2)   If the corresponding RFC 2078
   functionality implemented by each of them.  Detailed description platform maintains a concept of
   all a default network-
             identity for the classes chosen mechanism, and their corresponding methods is presented in
   section 6.

3.1.  GSSCredential class

   The GSSCredential class if the application
             is responsible authorized to act on behalf of that identity for the encapsulation
             purpose of GSS-
   API credentials. Credentials identify a single entity and provide initiating security contexts, then the
   necessary cryptographic information principal
             corresponding to enable that identity shall be used, otherwise

        3)   If the creation platform maintains a concept of a
   context default local
             identity, and provides a means to map local identities into
             network-identities for the chosen mechanism, and if the
             application is authorized to act on behalf of that entity. A single GSSCredential may contain
   multiple mechanism specific credentials, each referred to as a
   credential element.  The GSSCredential class implements the
   functionality network-
             identity image of the following GSS-API routines:

       RFC 2078 Routine                Function              Section(s)

   gss_acquire_cred           Acquire credential default local identity for use.      6.2.3

   gss_add_cred               Constructs credentials           6.2.13
                              incrementally.

   gss_inquire_cred           Obtain information about      6.2.5-6.2.12
                              credential.

   gss_inquire_cred_by_mech   Obtain per-mechanism          6.2.5-6.2.12
                              information about
                              a credential.

   gss_release_cred           Disposes of credentials          6.2.4
                              after use.

3.2.  GSSContext class

   This class encapsulates the functionality
             purpose of context-level calls
   required for initiating security context establishment and management between
   peers as well as contexts using the per-message services offered chosen
             mechanism, then the principal corresponding to applications. that
             identity shall be used, otherwise

        4)   A user-configurable default identity should be used.

        and for the acceptor side of the context

        1)   If there is established between only a pair single authorized principal identity
             capable of peers accepting security contexts for the chosen
             mechanism, then that principal shall be used, otherwise

        2)   If the mechanism can determine the identity of the target
             principal by examining the context-establishment token
             processed during the accept method, and allows if the usage
   of security services on a per-message basis on accepting
             application data. It is created over a single security mechanism. The GSSContext class
   implements authorized to act as that principal for the functionality
             purpose of accepting security contexts using the following GSS-API routines:

      RFC 2078 Routine                 Function              Section(s)

   gss_init_sec_context     Initiate chosen
             mechanism, then that principal identity shall be used,
             otherwise

        3)   If the creation of a       6.3.4,
                            security context with            6.3.5
                            a peer.

   gss_accept_sec_context   Accept a security mechanism supports context        6.3.6,
                            initiated acceptance by a peer.             6.3.7

   gss_delete_sec_context   Destroy a security context.      6.3.9

   gss_context_time         Obtain remaining context         6.3.38
                            time.

   gss_inquire_context      Obtain context                   6.3.38 any
             principal, and if mutual authentication was not requested,
             any principal that the application is authorized to
                            characteristics.                 6.3.43

   gss_wrap_size_limit      Determine token-size limit       6.3.10
                            for gss_wrap.

   gss_export_sec_context   Transfer accept
             security context        6.3.19 contexts under using the chosen mechanism may be
             used, otherwise

        4)   A user-configurable default identity shall be used.

   The purpose of the above rules is to another process.

   gss_import_sec_context   Create a previously exported     6.3.3
                            context.

   gss_get_mic              Calculate a cryptographic        6.3.15,
                            Message Integrity Code (MIC)     6.3.16
                            for a message.

   gss_verify_mic           Verify integrity on a received   6.3.17,
                            message.                         6.3.18

   gss_wrap                 Attach a MIC allow security contexts to a message be
   established by both initiator and    6.3.11,
                            optionally encrypt acceptor using the message   6.3.12
                            content.

   gss_unwrap               Obtain a previously wrapped      6.3.13,
                            application message verifying    6.3.14
                            its integrity default behavior
   whenever possible.  Applications requesting default behavior are
   likely to be more portable across mechanisms and optionally
                            decrypting it. implementations than
   ones that instantiate an IGSSCredential object representing a
   specific identity.

4.9.  Contexts

   The functionality offered by the gss_process_context_token routine
   has not been included in IGSSContext interface is used to represent one end of a GSS-API
   security context, storing state information appropriate to that end
   of the Java bindings specification. peer communication, including cryptographic state information.

   The
   corresponding functionality instantiation of gss_delete_sec_context the context object is done differently by the
   initiator and the acceptor.  After the context has also been
   modified instantiated,
   the initiator may choose to not return any peer tokens.  This has set various context options which will
   determine the characteristics of the desired security context.  When
   all the application desired characteristics have been proposed in
   accordance to set, the recommendations stated in
   initiator will call the RFC 2078 update
   draft.  GSSContext does offer initSecContext method which will produce a
   token for consumption by the functionality peer's acceptSecContext method.  It is
   the responsibility of destroying the
   locally-stored context information.

3.3.  GSSName class

   GSS-API names are represented in application to deliver the Java bindings through authentication
   token(s) between the
   GSSName class. Different name formats and their definitions are
   identified with universal Object Identifiers (oids). The format peer applications for processing.  Upon
   completion of the names context establishment phase, context attributes can
   be derived based on retrieved, by both the unique oid initiator and acceptor, using the accessor
   methods.  These will reflect the actual attributes of each name type.
   The following GSS-API routines are implemented by the GSSName object:

     RFC 2078 Routine                 Function               Section(s)

   gss_import_name         Create an internal name from     6.1.3 established
   context.  At this point the supplied information.

   gss_display_name        Covert internal name             6.1.8, 6.1.9
                           representation to text format.

   gss_compare_name        Compare two internal names.      6.1.4, 6.1.5

   gss_release_name        Release resources associated     N/A
                           with context can be used by the internal name.

   gss_canonicalize_name   Convert an internal name application to
   apply cryptographic services to its data.

4.10.  Authentication tokens

   A token is a caller-opaque type that GSS-API uses to maintain
   synchronization between each end of the GSS-API security context.
   The token is a    6.1.3, 6.1.6 cryptographically protected octet-string, generated by
   the underlying mechanism name.

   gss_export_name         Convert a Mechanism name to      6.1.7
                           export format.

   gss_duplicate_name      Create a copy at one end of a GSS-API security context for
   use by the internal    6.1.10
                           name.

3.4.  GSSManager class

   The responsibilities peer mechanism at the other end.  Encapsulation (if
   required) within the application protocol and transfer of the GSSManager class is to provide
   functionality common to token
   are the responsibility of the entire peer applications.

   Java GSS-API class library. This would
   include queries about uses byte arrays to represent authentication tokens.
   Overloaded methods exist which allow the mechanisms supported caller to supply input and
   output streams which will be used for the default
   mechanism value. GSSManager implements reading and writing of the following RFC 2078
   routines:

        RFC 2078 Routine                Function            Section

   gss_inquire_names_for_mech   List
   token data.

4.11.  Interprocess tokens

   Certain GSS-API routines are intended to transfer data between
   processes in multi-process programs.  These routines use a caller-
   opaque octet-string, generated by the name types         6.5.2
                                supported GSS-API in one process for use
   by the
                                specified mechanism.

   gss_inquire_mechs_for_name   List GSS-API in another process.  The calling application is
   responsible for transferring such tokens between processes.  Note
   that, while GSS-API implementors are encouraged to avoid placing
   sensitive information within interprocess tokens, or to
   cryptographically protect them, many implementations will be unable
   to avoid placing key material or other sensitive data within them.
   It is the mechanisms         6.5.3
                                supporting application's responsibility to ensure that interprocess
   tokens are protected in transit, and transferred only to processes
   that are trustworthy.  An interprocess token is represented using a
   byte array emitted from the
                                specified name type.

   gss_indicate_mechs           List export method of the mechanisms         6.5.1
                                supported by this GSS-API
                                implementation.

3.5.  GSSException class

   Exceptions are used in IGSSContext
   interface.  The receiver of the Java bindings to signal fatal errors interprocess token would use
   initialize an IGSSContext object with this token to create a new
   context.  Once a context has been exported, the calling applications.  This replaces IGSSContext object is
   invalidated and is no longer available.

4.12.  Error Reporting

   RFC 2078 defined the usage of major and minor codes status values for
   signaling of GSS-API errors.  The major code, also called GSS status
   code, is used in to signal errors at the C-bindings specification as a method GSS-API level independent of signaling
   failures.
   the underlying mechanism(s).  The minor status value or Mechanism
   status code, is a mechanism defined error value indicating a
   mechanism specific error code.

   Java GSS-API uses exceptions implemented by the GSSException class handles to
   signal both minor and major codes,
   as well as their translation into textual representation.  All GSS-
   API methods are declared as possibly throwing this exception.

    RFC 2078 Routine           Function              Section

   gss_display_status   Retrieve textual          6.8.5, 6.8.6,
                        representation of error   6.8.8, 6.8.9
                        codes.

3.6.  Oid class

   This utility class is used to represent Universal Object Identifiers
   and their associated operations. GSS-API uses object identifiers to
   distinguish between security mechanisms values.  Both, mechanism specific
   errors and name types.  This class,
   aside from being used whenever an object identifier is needed,
   implements the following GSS-API functionality:

      RFC 2078 Routine                  Function              Section

   gss_test_oid_set_member   Determine if the specified oid   6.7.6
                             is part level errors are signaled through instances of a set
   this class.  The usage of oids.

3.7.  MessageProp class

   This helper class is used in exceptions replaces the per-message operations of need for major and
   minor codes to be used within the
   GSSContext API calls.  GSSException class also
   contains methods to convey obtain textual representations for both the requested major
   and applied per-message
   options. An instance of this class minor values, which is used equivalent to specify the desired QOP
   and confidentiality state for a per-message operation functionality of the
   GSSContext class.  Upon return from those methods, this object will
   contain the applied QOP and confidentiality state as well as any
   supplementary
   gss_display_status.

4.12.1.  GSS status information for the completed per-message
   operation.

3.8.  ChannelBinding class

   An instance codes

   GSS status codes indicate errors that are independent of this class is the
   underlying mechanism(s) used to specify channel binding
   information to the GSSContext object before provide the start of a security
   context establishment. service.  The application may use a byte array to
   specify application data to
   errors that can be used indicated via a GSS status code are generic API
   routine errors (errors that are defined in the channel binding as well as
   using instances GSS-API
   specification).  These bindings take advantage of the InetAddress. InetAddress is currently the only
   address type defined within the Java platform and as such, it is exceptions
   mechanism, thus eliminating the
   only one supported within need for calling errors.

   A GSS status code indicates a single fatal generic API error from the ChannelBinding class.

4.  Calling Conventions

   Java provides
   routine that has thrown the implementors with more than just GSSException.  Using exceptions announces
   that a syntax fatal error has occurred during the execution of the method.
   Two GSS-API routines can also return supplementary status information
   which indicates non-fatal errors.  These are handled as return values
   since using exceptions is not appropriate for informatory or
   warning-like information.  The methods that are capable of producing
   supplementary information are the
   language, but also an operational environment. For example, memory is
   automatically managed two per-message methods
   IGSSContext.verifyMIC() and does not require application intervention. IGSSContext.unwrap().  These language features have allowed methods fill
   the supplementary status codes in the MessageProp object that was
   passed in.

   GSSException object, along with providing the functionality for a simpler API
   setting of the various error codes and have led
   to translating them into textual
   representation, also contains the elimination definitions of certain GSS-API functions.

4.1.  Integer types

   All all the numeric values are declared as "int" primitive Java
   error values.  The following table lists the definitions of error
   codes:

        Table: GSS Status Codes

                Name           Value                Meaning

        BAD_MECH                 1     An unsupported mechanism
                                       was requested.

        BAD_NAME                 2     An invalid name was supplied.

        BAD_NAMETYPE             3     A supplied name was of an
                                       unsupported type.

        BAD_BINDINGS             4     Incorrect channel bindings were
                                       supplied.

        BAD_STATUS               5     An invalid status code was
                                       supplied.

        BAD_MIC                  6     A token had an invalid MIC.

        NO_CRED                  7     No credentials were supplied, or
                                       the credentials were unavailable
                                       or inaccessible.

        NO_CONTEXT               8     Invalid context has been
                                       supplied.

        DEFECTIVE_TOKEN          9     A supplied token was invalid.

        DEFECTIVE_CREDENTIAL    10     A supplied credential was
                                       invalid.

        CREDENTIALS_EXPIRED     11     The
   Java specification guarantees that this will be a 32 bit two's
   complement signed number.

   Throughout this API, referenced credentials
                                       have expired.

        CONTEXT_EXPIRED         12     The context has expired.

        FAILURE                 13     Miscellaneous failure,
                                       unspecified at the "boolean" primitive Java type GSS-API level.

        BAD_QOP                 14     The quality-of-protection
                                       requested could not be provided.

        UNAUTHORIZED            15     The operation is used
   wherever forbidden by
                                       local security policy.

        UNAVAILABLE             16     The operation or option is
                                       unavailable.

        DUPLICATE_ELEMENT       17     The requested credential
                                       element already exists.

        NAME_NOT_MN             18     The provided name was not a boolean value
                                       mechanism name.

        OLD_TOKEN               19     The token's validity period has
                                       expired.

        DUPLICATE_TOKEN         20     The token was a duplicate of an
                                       earlier version.

   The GSS major status code of FAILURE is required or returned.

4.2.  Opaque Data types

   Java byte arrays are used to represent opaque data types which are
   consumed and produced by the GSS-API in indicate that the forms of tokens. Java
   arrays contain a length field
   underlying mechanism detected an error for which enables the users to easily
   determine their size. no specific GSS
   status code is defined.  The language has automatic garbage collection
   which alleviates mechanism-specific status code can
   provide more details about the need by developers to release memory and
   simplifies buffer ownership issues.

4.3.  Strings

   The String object will be used to represent all textual data. error.

4.12.2.  Mechanism-specific status codes

   The
   Java String object, transparently treats all characters as two-byte
   Unicode characters which allows support for many locals. All routines
   returning GSSException thrown from a GSS-API method may originate from the
   mechanism independent layer or accepting textual data will use the String object.

4.4.  Object Identifiers

   An Oid object mechanism specific layer.  In the
   latter case, the exception will be used to represent Universal Object Identifiers
   (Oids).  Oids are ISO-defined, hierarchically globally-interpretable
   identifiers used within indicate not only the GSS-API framework to identify security
   mechanisms and name formats. The Oid object can be created from a
   string representation of its dot notation (e.g. "1.3.6.1.5.6.2") as
   well as from its ASN.1 DER encoding. Methods are
   major error codes but also provided the mechanism specific error code.

   A default value of 0 will be used to
   test equality and provide the DER representation for represent the object.

   An important feature absence of the Oid class is that its instances are
   immutable - i.e. there
   mechanism specific status code.

4.12.3.  Supplementary status codes

   Supplementary status codes are no methods defined that allow one confined to
   change the contents per-message methods of an Oid. This property allows one to treat
   these objects as "statics" without the need to perform copies.

   Certain routines allow
   the usage IGSSContext interface.  Because of a default oid. A "null" value can
   be used in those cases.

4.5.  Object Identifier Sets

   The Java bindings represents object identifiers sets as arrays the informative nature of Oid
   objects. All Java arrays contain a length field which allows for easy
   manipulation and reference.

   In order
   these errors it is not appropriate to support use exceptions to signal them.
   Instead, the full functionality per-message operations of RFC 2078, the Oid class
   includes IGSSContext interface
   return these values in a method MessageProp object.

   The MessageProp class defines query methods which checks for existence of an Oid object within
   a specified array. This return boolean
   values indicating the following supplementary states:

        Table: Supplementary Status Methods
          Method Name       Meaning when "true" is equivalent in functionality to
   gss_test_oid_set_member. returned

        isDuplicateToken   The use token was a duplicate of Java arrays and Java's automatic
   garbage collection an
                           earlier token.

        isOldToken         The token's validity period has eliminated the need
                           expired.

        isUnseqToken       A later token has already been
                           processed.

        isGapToken         An expected per-message token was
                           not received.

   "true" return value for any of the following
   routines: gss_create_empty_oid_set, gss_release_oid_set, and
   gss_add_oid_set_member. Java GSS-API implementations will not contain
   them. Java's automatic garbage collection and above methods indicates that the immutable property
   of
   token exhibited the Oid object eliminates specified property.  The application must
   determine the complicated memory management issues appropriate course of action for these supplementary
   values.  They are not treated as errors by the C counterpart.

   When ever GSS-API.

4.13.  Names

   A name is used to identify a default value person or entity.  GSS-API authenticates
   the relationship between a name and the entity claiming the name.

   Since different authentication mechanisms may employ different
   namespaces for an Object Identifier Set identifying their principals, GSS-API's naming support
   is required, a
   "null" value can be used. Please consult necessarily complex in multi-mechanism environments (or even in
   some single-mechanism environments where the detailed method
   description underlying mechanism
   supports multiple namespaces).

   Two distinct conceptual representations are defined for details.

4.6.  Credentials names:

   1)   A GSS-API credentials are form represented with by implementations of the GSSCredential object.
   The IGSSName
        interface: A single IGSSName object contains several constructs may contain multiple names
        from different namespaces, but all names should refer to allow for the creation
        same entity.  An example of
   most common credential objects for the initiator and such an internal name would be the acceptor.
   Comparisons are performed using
        name returned from a call to the object's "equals" method. The
   following general description getName method of GSS-API credentials is included from the C-bindings specification:

   GSS-API credentials can contain mechanism-specific principal
   authentication data
        IGSSCredential interface, when applied to a credential
        containing credential elements for multiple mechanisms.  A GSS-API credential is
   composed of authentication
        mechanisms employing different namespaces.  This IGSSName object
        will contain a set of credential-elements, distinct name for the entity for each of
        authentication mechanism.

        For GSS-API implementations supporting multiple namespaces,
        IGSSName implementations must contain sufficient information to
        determine the namespace to which is applicable each primitive name belongs.

   2)   Mechanism-specific contiguous byte array and string forms:
        Different IGSSName initialization methods are provided to handle
        both byte array and string formats and to accommodate various
        calling applications and name types.  These formats are capable
        of containing only a single mechanism.  A credential may contain at most one
   credential-element for each supported mechanism. A credential-element
   identifies the data needed by name (from a single mechanism namespace).
        Contiguous string names are always accompanied by an object
        identifier specifying the namespace to authenticate a
   single principal, which the name belongs,
        and conceptually contains two credential-references
   that describe their format is dependent on the actual mechanism-specific authentication data, one mechanism
        that employs that name.  The string name forms are assumed to be
        printable, and may therefore be used by GSS-API applications for initiating contexts,  and one
        communication with their users.  The byte array name formats are
        assumed to be used
   for accepting contexts.  For mechanisms that do not distinguish
   between acceptor and initiator credentials, both references would
   point to the same underlying mechanism-specific authentication data.

   Credentials describe a set of mechanism-specific principals, and give
   their holder in non-printable formats (e.g.  the ability to act as any of those principals. All
   principal identities asserted by a single GSS-API credential should
   belong to byte array
        returned from the same entity, although enforcement export method of this property is
   an implementation-specific matter.  A single GSSCredential object
   represents all the credential elements that have been acquired.

   The constructor's for the GSSContext IGSSName interface).

   An IGSSName object allow the value of "null"
   to can be specified as their GSSCredential input parameter. This will
   indicate converted to a desire contiguous representation by
   using the toString method.  This will guarantee that the application name will be
   converted to act as a default principal.
   While individual GSS-API implementations are free to determine such
   default behavior as appropriate to the mechanism, printable format.  Different initialization methods in
   the following
   default behavior by these routines is recommended IGSSName interface are defined allowing support for portability:

        For the initiator side of multiple
   syntaxes for each supported namespace, and allowing users the context:

        1)   If there is only freedom
   to choose a single principal capable of initiating
             security contexts preferred name representation.  The toString method
   should use an implementation-chosen printable syntax for each
   supported name-type.  To obtain the chosen mechanism printable name type,
   getStringNameType method can be used.

   There is no guarantee that calling the
             application is authorized to act toString method on behalf of, then that
             principal shall be used, otherwise

        2)   If the platform maintains a concept of a default network-
             identity for
   IGSSName interface will produce the chosen mechanism, and if same string form as the application original
   imported string name.  Furthermore, it is authorized to act on behalf of possible that identity for the
             purpose of initiating security contexts, then the principal
             corresponding name was
   not even constructed from a string representation.  The same applies
   to that identity shall be used, otherwise

        3)   If the platform maintains name- space identifiers which may not necessarily survive
   unchanged after a concept journey through the internal name-form.  An example
   of this might be a default local
             identity, and mechanism that authenticates X.500 names, but
   provides a means to map local identities an algorithmic mapping of Internet DNS names into
             network-identities for X.500.
   That mechanism's implementation of IGSSName might, when presented
   with a DNS name, generate an internal name that contained both the chosen mechanism,
   original DNS name and if the
             application is authorized to act on behalf of equivalent X.500 name.  Alternatively, it
   might only store the network-
             identity image of X.500 name.  In the default local identity for latter case, the
             purpose toString
   method of initiating security contexts using the chosen
             mechanism, then the principal corresponding to that
             identity shall be used, otherwise

        4)   A user-configurable default identity should be used.

        and for IGSSName would most likely generate a printable X.500 name,
   rather than the original DNS name.

   The context acceptor side of can obtain an IGSSName object representing the
   entity performing the context

        1)   If there is initiation (through the usage of
   getSrcName method).  Since this name has been authenticated by a
   single mechanism, it contains only a single authorized principal identity
             capable of accepting security contexts for name (even if the chosen
             mechanism, then that principal shall be used, otherwise

        2)   If
   internal name presented by the mechanism can determine context initiator to the identity of IGSSContext
   object had multiple components).  Such names are termed internal
   mechanism names, or "MN"s and the target
             principal names emitted by examining the context-establishment token
             processed during IGSSContext
   interface in the accept method, getSrcName and if the accepting
             application is authorized getTargName are always of this type.
   Since some applications may require MNs without wanting to act as that principal for incur the
             purpose
   overhead of accepting security contexts using the chosen
             mechanism, then that principal identity shall be used,
             otherwise

        3)   If the mechanism supports context acceptance by any
             principal, and if mutual an authentication was not requested,
             any principal operation, creation methods are
   provided that take not only the name buffer and name type, but also
   the application is authorized to accept
             security contexts under using the chosen mechanism may be
             used, otherwise

        4)   A user-configurable default identity shall oid for which this name should be used.

   The purpose of created.  When
   dealing with an existing IGSSName object, the above rules is to allow security contexts canonicalize method may
   be invoked to convert a general internal name into an MN.

   IGSSName objects can be
   established by both initiator and acceptor compared using their equal method, which
   returns "true" if the default behavior
   whenever possible.  Applications requesting default behavior are
   likely two names being compared refer to be more portable across mechanisms and implementations than
   ones that instantiate a GSSCredential representing a specific
   identity.

4.7.  Contexts

   The GSSContext class the same
   entity.  This is used the preferred way to represent one end perform name comparisons
   instead of using the printable names that a given GSS-API
   security context, storing state information appropriate to
   implementation may support.  Since GSS-API assumes that end
   of the peer communication, including cryptographic state information.

   GSSContext class has distinct constructors all primitive
   names contained within a given internal name refer to allow the creation of
   an initiator and acceptor side of the contexts. After same
   entity, equal can return "true" if the context has
   been instantiated, two names have at least one
   primitive name in common.  If the initiator implementation embodies knowledge
   of equivalence relationships between names taken from different
   namespaces, this knowledge may choose to set various context
   options which will determine the characteristics also allow successful comparisons of the desired
   security context.
   internal names containing no overlapping primitive elements.

   When all the application desired characteristics
   have been set, used in large access control lists, the initiator will call overhead of creating an
   IGSSName object on each name and invoking the init equal method which will
   produce on each
   name from the ACL may be prohibitive.  As an alternative way of
   supporting this case, GSS-API defines a token special form of the
   contiguous byte array name which may be compared directly (byte by
   byte).  Contiguous names suitable for consumption comparison are generated by the peer's accept
   export method. It is  Exported names may be re-imported by using the responsibility of byte
   array constructor and specifying the application to deliver NT_EXPORT_NAME as the authentication
   token(s) between name type
   object identifier.  The resulting IGSSName name will also be a MN.
   The IGSSName interface defines public static Oid objects representing
   the peer applications for processing. Upon
   completion standard name types.  Structurally, an exported name object
   consists of a header containing an OID identifying the context establishment phase, context attributes can
   be retrieved, by both mechanism that
   authenticated the initiator name, and acceptor, using a trailer containing the accessor
   methods. These will reflect name itself,
   where the actual attributes syntax of the established
   context. At this point the context can be used trailer is defined by the application to
   apply cryptographic services to its data.

4.8.  Authentication tokens

   A token is a caller-opaque type that GSS-API uses to maintain
   synchronization between each end individual
   mechanism specification.  Detailed description of the GSS-API security context. The
   token format is a cryptographically protected octet-string, generated
   specified in the language-independent GSS-API specification
   [GSSAPIv2].

   Note that the results obtained by using the
   underlying mechanism at one end equals method will in
   general be different from those obtained by invoking canonicalize and
   export, and then comparing the byte array output.  The first series
   of a GSS-API security context for use
   by operation determines whether two (unauthenticated) names identify
   the peer same principal; the second whether a particular mechanism at would
   authenticate them as the other end. Encapsulation (if required)
   within same principal.  These two operations will
   in general give the application protocol same results only for MNs.

   It is important to note that the above are guidelines as how IGSSName
   implementations should behave, and transfer are not intended to be specific
   requirements of the token how names objects must be implemented.  The mechanism
   designers are free to decide on the
   responsibility details of their implementations
   of the peer applications.

   Java GSS-API uses byte arrays to represent authentication tokens.
   Overloaded methods exist which allow the caller to supply input and
   output streams which will be used for IGSSName interface as long as the reading and writing of behavior satisfies the
   token data.

4.9.  Interprocess tokens

   Certain above
   guidelines.

4.14.  Channel Bindings

   GSS-API routines are intended to transfer data between
   processes in multi-process programs.  These routines use a caller-
   opaque octet-string, generated by supports the GSS-API in one process for use
   by of user-specified tags to identify a given
   context to the GSS-API in another process.  The calling application is
   responsible for transferring such tokens between processes.  Note
   that, while GSS-API implementors peer application.  These tags are encouraged to avoid placing
   sensitive information within interprocess tokens, or intended to
   cryptographically protect them, many implementations will be unable used
   to avoid placing key material or other sensitive data within them.
   It is identify the application's responsibility to ensure that interprocess
   tokens are protected in transit, and transferred only to processes particular communications channel that carries the
   context.  Channel bindings are trustworthy. An interprocess token is represented communicated to the GSS-API using a the
   ChannelBinding object.  The application may use byte array emitted from arrays to
   specify the export method application data to be used in the channel binding as
   well as using instances of the GSSContext class. InetAddress.  The receiver of InetAddress for the interprocess token would use a GSSContext
   constructor to create
   initiator and/or acceptor can be used within an instance of a new context
   ChannelBinding.  ChannelBinding can be set for the IGSSContext object from
   using the supplied token.
   Once a context setChannelBinding method before the first call to init or
   accept has been exported, performed.  Unless the GSSContext object is
   invalidated and setChannelBinding method has
   been used to set the ChannelBinding for an IGSSContext object, "null"
   ChannelBinding will be assumed.  InetAddress is no longer available.

4.10.  Error Reporting

   RFC 2078 currently the only
   address type defined within the usage of major Java platform and minor status values for
   signaling of GSS-API errors. The major code, also called GSS status
   code, as such, it is used to signal errors at the GSS-API level independent
   only one supported within the ChannelBinding class.  Applications
   that use other types of addresses can include them as part of the underlying mechanism(s). The minor status value or Mechanism
   status code, is a mechanism defined error value indicating a
   mechanism
   application specific error code.

   Java GSS-API uses exceptions implemented by data.

   Conceptually, the GSSException class to
   signal both minor and major error values. Both, mechanism specific
   errors and GSS-API level errors are signaled through instances of
   this class.  The usage of exceptions replaces concatenates the need for major initiator and acceptor
   address information, and
   minor codes to be used within the API calls. GSSException class also
   contains methods application supplied byte array to obtain textual representations for both the major form
   an octet string.  The mechanism calculates a MIC over this octet
   string and minor values, which is equivalent binds the MIC to the functionality context establishment token emitted
   by init method of
   gss_display_status.

4.10.1.  GSS status codes

   GSS status codes indicate errors that the IGSSContext class.  The same bindings are independent of set
   by the
   underlying mechanism(s) used to provide context acceptor for its IGSSContext object and during
   processing of the security service.  The
   errors that can be indicated via accept method a GSS status code are generic API
   routine errors (errors that are defined MIC is calculated in the GSS-API
   specification). same way.
   The Java bindings take advantage of the strong type
   checking of calculated MIC is compared with that found in the Java language, thus eliminating token, and if
   the need for calling
   errors.

   A GSS status code indicates MICs differ, accept will throw a single fatal generic API error from GSSException with the
   routine that has thrown  major
   code set to BAD_BINDINGS, and the GSSException. Using exceptions announces
   that a fatal error has occurred during context will not be established.
   Some mechanisms may include the execution of actual channel binding data in the method.
   Several GSS-API routines can also return supplementary status
   information which indicate non-fatal errors. These are handled as
   return values since using exceptions is
   token (rather than just a MIC); applications should therefore not appropriate for
   informatory or warning-like information. The methods use
   confidential data as channel-binding components.

   Individual mechanisms may impose additional constraints on addresses
   that may appear in channel bindings.  For example, a mechanism may
   verify that are capable
   of producing supplementary information are limited to the per-message
   methods of the GSSContext class, namely verifyMIC and unwrap. These
   methods return an instance of MessageProp class which contains the
   specific supplementary error information.

   GSSException object, along with providing the functionality for
   setting initiator address field of the various error codes and translating them into textual
   representation, also channel binding
   contains the definitions correct network address of all the numeric
   error values. The following table lists host system.  Portable
   applications should therefore ensure that they either provide correct
   information for the definitions of error
   codes:

        Table: GSS Status Codes

                Name           Value                Meaning

        BAD_MECH                 1     An unsupported mechanism
                                       was requested.

        BAD_NAME                 2     An invalid name was supplied.

        BAD_NAMETYPE             3     A supplied name was of an
                                       unsupported type.

        BAD_BINDINGS             4     Incorrect channel bindings were
                                       supplied.

        BAD_STATUS               5     An invalid status code was
                                       supplied.

        BAD_MIC                  6     A token had an invalid MIC.

        NO_CRED                  7     No credentials were supplied, address fields, or omit setting of the credentials were unavailable
                                       or inaccessible.

        NO_CONTEXT               8     Invalid context has been
                                       supplied.

        DEFECTIVE_TOKEN          9     A supplied token was invalid.

        DEFECTIVE_CREDENTIAL    10     A supplied credential was
                                       invalid.

        CREDENTIALS_EXPIRED     11     The referenced credentials
                                       have expired.

        CONTEXT_EXPIRED         12 addressing
   information.

4.15.  Stream Objects

   The context has expired.

        FAILURE                 13     Miscellaneous failure,
                                       unspecified at object provides overloaded methods which use input and
   output streams as the means to convey authentication and per-message
   GSS-API level.

        BAD_QOP                 14     The quality-of-protection
                                       requested could not be provided.

        UNAUTHORIZED            15     The operation is forbidden by
                                       local security policy.

        UNAVAILABLE             16     The operation or option tokens.  It is
                                       unavailable.

        DUPLICATE_ELEMENT       17 important to note that the streams are
   expected to contain the usual GSS-API tokens which would otherwise be
   handled through the usage of byte arrays.  The requested credential
                                       element already exists.

        NAME_NOT_MN             18 tokens are expected to
   have a definite start and an end.  The provided name was callers are responsible for
   ensuring that the supplied streams will not block, or expect to block
   until a
                                       mechanism name.

        OLD_TOKEN               19     The token's validity period has
                                       expired.

        DUPLICATE_TOKEN         20     The full token was is processed by the GSS-API method.  Only a duplicate single
   GSS-API token will be processed per invocation of an
                                       earlier version. the stream based
   method.

   The GSS major status code usage of FAILURE is used streams allows the callers to indicate that have control and
   management of the
   underlying mechanism detected an error for which no specific GSS
   status code is defined.  The mechanism-specific status code can
   provide more details about supplied buffers.  Because streams are non-
   primitive objects, the error.

4.10.2.  Mechanism-specific status codes

   The GSSException thrown from a GSS-API method may originate from callers can make the
   mechanism independent layer streams as complicated or
   as simple as desired simply by using the mechanism specific layer. In streams defined in the
   latter case,
   java.io package or creating their own through the exception use of inheritance.
   This will allow for the application's greatest flexibility.

4.16.  Optional Parameters

   Whenever the application wishes to omit an optional parameter the
   "null" value shall be used.  The detailed method descriptions
   indicate which parameters are optional.  Methods overloading has also
   been used as a technique to indicate not only the
   major error codes but also the mechanism specific error code.

   A default value parameters.

5.  GSS Provider's Interface

   This section presents a brief description of 0 will be used to represent the absence of interfaces that
   encapsulate the
   mechanism specific status code.

4.10.3.  Supplementary status codes

   Supplementary status codes services provided by a GSS-API implementator.  They
   are confined to the per-message methods part of a framework presented in this document that will allow an
   application to switch between different providers at runtime, by
   enabling the GSSContext class.  Because of framework to access the informative nature of desired provider's
   implementation via these
   errors it interfaces.

   The API in this section is meant primarily for GSS implementors. The
   GSS-API user does not appropriate need to use exceptions obtain direct references to signal them.
   Instead, the per-message operations of classes
   implementing these interfaces.  In fact, doing so might make the GSSContext class return an
   instance of
   application dependent on that particular implementation.
   Applications that distribute a MessageProp class which contain supplementary status
   information.

   The MessageProp bundled GSS-API implementation along
   with them can use this API to avoid providing the concrete class defines query methods which return boolean
   values indicating
   wrappers in the following supplementary states:

        Table: Supplementary Status Methods

          Method Name       Meaning when "true" is returned

        isDuplicateToken   The token was a duplicate of an
                           earlier token.

        isOldToken         The token's validity period has
                           expired.

        isUnseqToken       A later token has already been
                           processed.

        isGapToken         An expected per-message token was
                           not received.

   "true" return value framework.  However, for any of the above methods indicates applications that expect to
   use a system-wide GSS library, it is envisioned that the
   token exhibited the specified property.  The application must
   determine callers will
   utilize the appropriate course wrapper classes of action for these supplementary
   values.  They are not treated section 6 as errors by the GSS-API.

4.11.  Names

   A name is used to identify a person or entity.  GSS-API authenticates method of choice for
   the relationship between a name and creation of GSS-API objects.

   This section also shows the entity claiming corresponding RFC 2078 functionality
   implemented by each of the name.

   Since different authentication mechanisms may employ different
   namespaces for identifying interfaces.  Detailed description of these
   interfaces and their principals, GSS-API's naming support methods is necessarily complex in multi-mechanism environments (or even presented in
   some single-mechanism environments where section 7.

5.1.  GSSFactory interface

   This interface represents the underlying mechanism
   supports multiple namespaces).

   Two distinct conceptual representations are defined for names:

   1)   A bootstrapping class that is supplied
   with every GSS-API form represented by instances provider and encapsulates information that is
   specific to that particular provider.  It contains factory methods to
   obtain references to implementations of the GSSName class: A
        single GSSName object may contain multiple names other interfaces from different
        namespaces, but all names should refer to the same entity.  An
        example of such an internal name
   provider.  GSSFactory also handles all queries which would be the name returned from require a call to
   knowledge of the getName method list of underlying mechanisms that is supported by
   the particular provider.  It contains equivalents of the following
   RFC 2078 routines:

        RFC 2078 Routine                Function            Section

   gss_indicate_mechs           List the GSSCredential class, when
        applied to a credential containing credential elements for
        multiple authentication mechanisms employing different
        namespaces. This GSSName object will contain a distinct         7.1.10
                                supported by this GSS-API
                                implementation.

   gss_inquire_mechs_for_name   List the mechanisms         7.1.11
                                supporting the
                                specified name for type.

   gss_inquire_names_for_mech   List the entity for each authentication name types         7.1.12
                                supported by the
                                specified mechanism.

        For

5.2.  IGSSName interface

   GSS-API implementations supporting multiple namespaces,
        GSSName object implementations must contain sufficient
        information to determine names are represented in the namespace to which each primitive
        name belongs.

   2)   Mechanism-specific contiguous byte array and string forms: Java bindings through the
   IGSSName interface.  Different GSSName constructors are provided to handle both byte
        array and string formats and to accommodate various calling
        applications and name types. These formats and their definitions are capable
   identified with universal Object Identifiers (oids).  The format of
        containing only a single name (from a single namespace).
        Contiguous string
   the names can be derived based on the unique oid of each name type.
   The following GSS-API routines are always accompanied provided by the IGSSName
   interface:

     RFC 2078 Routine                 Function               Section(s)

   gss_import_name         Create an object
        identifier specifying internal name from     7.1.1-7.1.4
                           the namespace supplied information.

   gss_display_name        Covert internal name             7.2.6
                           representation to which text format.

   gss_compare_name        Compare two internal names.      7.2.2, 7.2.3

   gss_release_name        Release resources associated     N/A
                           with the internal name.

   gss_canonicalize_name   Convert an internal name belongs,
        and their format is dependent on the authentication to a    7.1.3, 7.2.4
                           mechanism
        that employs that name.  The string

   gss_export_name         Convert a mechanism name forms are assumed to be
        printable, and may therefore be used by GSS-API applications for
        communication with their users.      7.2.5
                           export format.

   gss_duplicate_name      Create a copy of the internal    N/A
                           name.

   The byte array name formats are
        assumed gss_release_name call is not provided as Java does its own
   garbage collection. The gss_duplicate_name call is also redundant;
   the IGSSName interface has no mutator methods that can change the
   state of the object, and so long as there is a reference to it, the
   object will not be in non-printable formats (e.g. released by the byte array
        returned from JVM.

5.3.  IGSSCredential interface

   The IGSSCredential interface is responsible for the export method encapsulation of
   GSS-API credentials.  Credentials identify a single entity and
   provide the GSSName class). necessary cryptographic information to enable the
   creation of a context on behalf of that entity.  A GSSName object can be converted single credential
   may contain multiple mechanism specific credentials, each referred to
   as a contiguous representation by
   using credential element.  The IGSSCredential interface provides the toString method.  This will guarantee that
   functionality of the name will be
   converted to a printable format. Different constructors following GSS-API routines:

       RFC 2078 Routine                Function              Section(s)

   gss_acquire_cred           Acquire credential for use.   7.1.5-7.1.7

   gss_add_cred               Constructs credentials           7.3.11
                              incrementally.

   gss_inquire_cred           Obtain information about         7.3.3-
                              credential.

   gss_inquire_cred_by_mech   Obtain per-mechanism          7.3.3-7.3.10
                              information about
                              a credential.

   gss_release_cred           Disposes of credentials          7.3.2
                              after use.

5.4.  IGSSContext interface

   This interface encapsulates the
   GSSName object are defined allowing support for multiple syntaxes functionality of context-level calls
   required for
   each supported namespace, security context establishment and allowing users management between
   peers as well as the freedom per-message services offered to choose a
   preferred name representation. The toString method should use an
   implementation-chosen printable syntax for each supported name-type.
   To obtain the printable name type, getStringNameType method can be
   used.

   There applications.  A
   context is no guarantee that calling established between a pair of peers and allows the toString method usage
   of security services on a GSSName
   object will produce per-message basis on application data.  It
   is created over a single security mechanism.  The IGSSContext
   interface provides the same string form as functionality of the original imported
   string name.  Furthermore, it is possible that following GSS-API
   routines:

      RFC 2078 Routine                 Function              Section(s)

   gss_init_sec_context     Initiate the name was not even
   constructed from creation of a       7.4.2,
                            security context with            7.4.3
                            a peer.

   gss_accept_sec_context   Accept a security context        7.4.4,
                            initiated by a peer.             7.4.5

   gss_delete_sec_context   Destroy a security context.      7.4.7

   gss_context_time         Obtain remaining context         7.4.36
                            time.

   gss_inquire_context      Obtain context                   7.3.38 to
                            characteristics.                 7.3.43

   gss_wrap_size_limit      Determine token-size limit       7.4.8
                            for gss_wrap.

   gss_export_sec_context   Transfer security context        7.4.17
                            to another process.

   gss_import_sec_context   Create a previously exported     7.1.10
                            context.

   gss_get_mic              Calculate a cryptographic        7.4.13,
                            Message Integrity Code (MIC)     7.4.14
                            for a string representation. The same applies to name-
   space identifiers which may not necessarily survive unchanged after message.

   gss_verify_mic           Verify integrity on a
   journey through the internal name-form.  An example of this might be received   7.4.15,
                            message.                         7.4.16

   gss_wrap                 Attach a mechanism that authenticates X.500 names, but provides an
   algorithmic mapping of Internet DNS names into X.500.  That
   mechanism's implementation of GSSName might, when presented with MIC to a
   DNS name, generate an internal name that contained both the original
   DNS name message and    7.4.9,
                            optionally encrypt the equivalent X.500 name. Alternatively, it might only
   store the X.500 name.  In the latter case, the toString method of
   GSSName would most likely generate message   7.4.10
                            content.

   gss_unwrap               Obtain a printable X.500 name, rather
   than the original DNS name. previously wrapped      7.4.11,
                            application message verifying    7.4.12
                            its integrity and optionally
                            decrypting it.

   The context acceptor can obtain an instance of GSSName representing
   the entity performing functionality offered by the context initiation (through gss_process_context_token routine
   has not been included in the usage Java bindings specification.  The
   corresponding functionality of
   getSrcName method). Since this name gss_delete_sec_context has also been authenticated by a
   single mechanism, it contains only a single name (even if
   modified to not return any peer tokens.  This has been proposed in
   accordance to the
   internal name presented by recommendations stated in the RFC 2078 update
   draft.  IGSSContext does offer the functionality of destroying the
   locally-stored context initiator to information.

6.  GSS Application Programmer's Classes

   This section presents a brief description of the GSSContext
   object had multiple components). Such names classes that a
   typical application would use.  The implementations of these classes
   are termed internal
   mechanism names, or "MN"s and picked from the names emitted CLASSPATH defined by GSSContext class
   in the getSrcName and getTargName are always application.  If Java
   GSS becomes part of this type.  Since
   some applications may require MNs without wanting to incur the
   overhead of an authentication operation, a set standard Java API's then these classes will
   be available by default on all systems as part of constructors is
   provided which take not only the name buffer JRE's system
   classes.

   These classes are primarily part of a framework and name type, but also do not provide
   any of the mechanism oid for which this name should be created.  When
   dealing with an existing GSSName object, security services themselves.  The classes that provide
   the canonicalize method may
   be invoked to convert security services are those that a general internal name into an MN.

   GSSName objects provider can be compared using plug into this
   framework as described in sections 4.2 and 5.  Some classes described
   here delegate their equal method, which
   returns "true" if the two names being compared refer to the same
   entity. This is the preferred way calls to perform name comparisons instead
   of using the printable names that a given GSS-API appropriate implementation may
   support. Since GSS-API assumes that all primitive names contained
   within a given internal name refer to class
   from the same entity, equal can
   return "true" if provider.

   This section also shows the two names have at least one primitive name in
   common.  If corresponding RFC 2078 functionality
   implemented by each of the implementation embodies knowledge interfaces.  Detailed description of equivalence
   relationships between names taken from different namespaces, this
   knowledge may these
   interfaces and their methods is presented in section 7.

6.1.  GSSManager class

   This class contains methods to interrogate a provider's GSSFactory
   object.  It also allow successful comparisons provides a means for a single point of internal names
   containing no overlapping primitive elements.

   When used in large access control lists, the overhead of creating a
   GSSName on each name and invoking to
   set the equal method on each name from preferred GSS-API provider.  All delegation done by the ACL may be prohibitive.  As an alternative way
   GSSContext, GSSCredential and GSSName classes is then directed to
   implementing classes for that provider by default.

   Implementions of supporting this
   case, GSS-API defines class can locate and instantiate a special form provider
   with the help of the contiguous byte array
   name which may be compared directly (byte by byte).  Contiguous names
   suitable java.Security.getProvider() method.  They can
   query the provider for comparison are generated by the export method, "org.ietf.JGSS.GSSFactory" property which
   requires
   returns the name of that provider's GSSFactory implementation.

   By encapsulating this behaviour in this class an application can
   seamlessly switch between GSS-API implementations at runtime by
   simply identifying a new provider to the GSSManager.

   It contains the equivalents of the following RFC 2078 routines to
   query the provider's GSSFactory: gss_indicate_mechs,
   gss_inquire_mechs_for_name, gss_inquire_names_for_mech.

6.2.  GSSName represent class

   This concrete class is a MN.  Exported names may be re-
   imported by using wrapper around the byte array constructor and specifying interface IGSSName.  It
   provides all the
   NT_EXPORT_NAME as methods that are defined in the name type object identifier.  The resulting
   GSSName name will also be IGSSName interface
   and associated constructors.  It uses the preferred GSS-API provider
   and its GSSFactory to instantiate an IGSSName implementation and then
   delegate all calls to it.

6.3.  GSSCredential class

   This concrete class is a MN.  The GSSName object defines public
   static Oid objects representing wrapper around the standard name types.
   Structurally, interface IGSSCredential.
   It provides all the methods that are defined in the IGSSCredential
   interface and associated constructors.  It uses the preferred GSS-API
   provider and its GSSFactory to instantiate an exported name object consists of IGSSCredential
   implementation and then delegate all calls to it.

6.4.  GSSContext class

   This concrete class is a header containing
   an OID identifying wrapper around the mechanism interface IGSSContext.
   It provides all the methods that authenticated are defined in the name, IGSSContext
   interface and a
   trailer containing associated constructors.  It uses the name itself, where preferred GSS-API
   provider and its GSSFactory to instantiate an IGSSContext
   implementation and then delegate all calls to it.

6.5.  MessageProp class

   This helper class is used in the syntax of per-message operations on the trailer
   context.  An instance of this class is defined created by the individual mechanism specification.  Detailed
   description of application and
   then passed into the format is specified per-message calls.  In some cases, the
   application conveys information to the GSS-API implementation through
   this object and in other cases the language-independent GSS-API specification [GSSAPIv2].

   Note that returns information to the results obtained
   application by using the equal method will setting it in
   general be different from those obtained by invoking canonicalize and
   export, and then comparing this object.  See the byte array output.  The first series description of operation determines whether two (unauthenticated) names identify the same principal; the second whether a particular mechanism would
   authenticate them as the same principal.  These two
   per-message operations will wrap, unwrap, getMIC, and verifyMIC in general give the same results only
   IGSSContext interfaces for MNs.

   It details.

6.6.  GSSException class

   Exceptions are used in the Java bindings to signal fatal errors to
   the calling applications.  This replaces the major and minor codes
   used in the C-bindings specification as a method of signaling
   failures.  The GSSException class handles both minor and major codes,
   as well as their translation into textual representation.  All GSS-
   API methods are declared as throwing this exception.

    RFC 2078 Routine           Function              Section

   gss_display_status   Retrieve textual          7.8.5, 7.8.6,
                        representation of error   7.8.8, 7.8.9
                        codes.

6.7.  Oid class

   This utility class is important used to note that the above are guidelines as how GSSName
   objects should behave, represent Universal Object Identifiers
   and are not intended to be specific
   requirements of how names objects must be implemented. The mechanism
   designers are free to decide on the details of their implementations
   of the GSSName associated operations.  GSS-API uses object as long as the behavior satisfies identifiers to
   distinguish between security mechanisms and name types.  This class,
   aside from being used whenever an object identifier is needed,
   implements the above
   guidelines.

4.12.  Channel Bindings following GSS-API supports functionality:

      RFC 2078 Routine                  Function              Section

   gss_test_oid_set_member   Determine if the use specified oid   7.7.6
                             is part of user-specified tags to identify a given
   context to the peer application.  These tags are intended to be set of oids.

6.8.  ChannelBinding class

   An instance of this class is used to identify the particular communications specify channel that carries the
   context.  Channel bindings are communicated binding
   information to the GSS-API using IGSSContext object before the
   ChannelBinding object. start of a security
   context establishment.  The application may use a byte arrays array to
   specify
   the application data to be used in the channel binding as well as
   using
   use instances of the InetAddress. The InetAddress for the initiator
   and/or acceptor can be used within an instance of a ChannelBinding.
   ChannelBinding can be set for the GSSContext object using the
   setChannelBinding method before the first call to init or accept has
   been performed. Unless the setChannelBinding method has been used to
   set the ChannelBinding for an instance of GSSContext method, "null"
   ChannelBinding will be assumed.  InetAddress is currently the only
   address type defined within the Java platform and as such, it is the
   only one supported within the ChannelBinding class.

   Conceptually, Applications that
   use other types of addresses can include them as part of the
   application data.

7.  Detailed GSS-API Class Description

   This section lists a detailed description of all the public methods
   that each of the GSS-API concatenates classes and interfaces must provide.

7.1.  public interface GSSFactory

   This interface provides factory methods to obtain provider specific
   implementations of the initiator interfaces IGSSCredential, IGSSName, and acceptor
   address information,
   IGSSContext.  It also contains other functionality that requires
   implementation specific knowledge and cannot be placed cleanly in any
   of the application supplied byte array to form
   an octet string. The mechanism calculates other interfaces.

   Each GSS-API provider defines a MIC over class that implements this octet
   string and binds the MIC to interface.
   Applications can instantiate the context establishment token emitted
   by init method provider's implementation of
   GSSFactory if they are aware of the GSSContext qualified name of that class.  The same bindings
   However, in the interest of portability applications are set by advised to
   go through the context acceptor GSSManager API instead.  The GSSFactory interface is
   primarily meant for its GSSContext object GSS implementors and during processing
   of the accept method for developers who bundle a MIC is calculated in
   custom GSS-API implementation together with their application.  Such
   applications may choose not to implement the same way. The
   calculated MIC is compared GSSManager class along
   with that found in the token, other wrappers such as GSSName, GSSCredential, and if
   GSSContext.  They would then directly instantiate and use the
   MICs differ, accept will throw a
   interfaces described in section 5.

7.1.1.  createName

   public IGSSName createName(String nameStr, Oid nameSpace)
                   throws GSSException with

   Factory method to convert a contiguous string name from the  major code
   set specified
   namespace to BAD_BINDINGS, and an IGSSName object.  In general, the context IGSSName object
   created will not be established.  Some
   mechanisms may include the actual channel binding data in the token
   (rather than just a MIC); applications should therefore not use
   confidential data as channel-binding components.

   Individual mechanisms may impose additional constraints on addresses
   that may appear in channel bindings.  For example, a mechanism may
   verify an MN; two examples that are exceptions to this
   are when the namespace type parameter indicates NT_EXPORT_NAME or
   when the initiator address field GSS-API implementation is not multi-mechanism.

   Parameters:

        nameStr   The string representing a printable form of the channel binding
   contains name
                  to create.

        nameType  The Oid specifying the correct network address namespace of the host system.  Portable
   applications should therefore ensure printable name
                  supplied. Note that they either provide correct
   information for nameType serves to describe and
                  qualify the address fields, or omit setting interpretation of the addressing
   information.

4.13.  Stream Objects

   The GSSContext object provides overloaded methods which use input and
   output streams as nameStr, it
                  does not necessarily imply a type for the means to convey authentication and per-message
   GSS-API tokens. It is important output
                  IGSSName implementation. "null" value can be used to note
                  specify that a mechanism specific default printable
                  syntax should be assumed by each mechanism that
                  examines nameStr.

7.1.2.  createName

   public IGSSName createName(byte name[], Oid nameType)
                   throws GSSException

   Factory method to convert a contiguous byte array containing a name
   from the streams specified namespace to an IGSSName object.  In general, the
   IGSSName object created will not be an MN; two examples that are expected
   exceptions to contain this are when the namespace type parameter indicates
   NT_EXPORT_NAME or when the usual GSS-API tokens which would otherwise be handled
   through implementation is not multi-
   mechanism.

   Parameters:

        name      The byte array containing the usage name to create.

        nameType  The Oid specifying the namespace of the name supplied
                  in the byte arrays. The tokens are expected array.
        Note that nameType serves to have a
   definite start describe and an end. The callers are responsible for ensuring
   that qualify the supplied streams will
        interpretation of the input name byte array, it does not block, or expect to block until
        necessarily imply a
   full token is processed by type for the GSS-API method. Only output IGSSName implementation.
        "null" value can be used to specify that a single GSS-API
   token will mechanism specific
        default syntax should be processed per invocation of assumed by each mechanism that examines
        the stream based method. byte array..IP "nameType" 10 The usage Oid specifying the
        namespace of streams allows the callers printable name supplied. Note that nameType
        serves to have control describe and
   management qualify the interpretation of the supplied buffers. Because streams are non-primitive
   objects, input
        nameStr, it does not necessarily imply a type for the callers output
        IGSSName implementation. "null" value can make the streams as complicated or as simple
   as desired simply be used to specify
        that a mechanism specific default printable syntax should be
        assumed by using each mechanism that examines nameStr.

7.1.3.  createName

   public IGSSName createName(String nameStr, Oid nameType,
                   Oid mechType) throws GSSException

   Factory method to convert a contiguous string name from the streams defined in specified
   namespace to an IGSSName object that is a mechanism name (MN).  In
   other words, this method is a utility that does the java.io package
   or creating their own through equivalent of two
   steps: the use createName described in 7.1.1 and then also the
   IGSSName.canonicalize() described in 7.2.4.

   Parameters:

        nameStr   The string representing a printable form of inheritance. This will allow
   for the application's greatest flexibility.

4.14.  Optional Parameters

   Whenever name
                  to create.

        nameType  The Oid specifying the application wishes namespace of the printable name
                  supplied.  Note that nameType serves to omit an optional parameter describe and
                  qualify the interpretation of the input nameStr, it
                  does not necessarily imply a type for the output
                  IGSSName implementation. "null" value shall can be used.  The detailed method descriptions
   indicate which parameters are optional.  Methods overloading has also
   been used as to
                  specify that a technique mechanism specific default printable
                  syntax should be assumed when the mechanism examines
                  nameStr.

        mechType  Oid specifying the mechanism for which this name
                  should be created.

7.1.4.  createName

   public createName(byte name[], Oid nameType, Oid mechType)
                   throws GSSException

   Factory method to indicate default parameters.

5.  Additional Controls

   This section discusses convert a contiguous byte array containing a name
   from the optional services specified namespace to an IGSSName object that is an MN.  In
   other words, this method is a context initiator
   may request of the GSS-API before utility that does the context establishment. Each equivalent of
   these services is requested by calling two
   steps: the appropriate mutator method createName described in 7.1.2 and then also the GSSContext object before
   IGSSName.canonicalize() described in 7.2.4.

   Parameters:

        name      The byte array representing the first call name to init is performed.

   Only the context initiator can request context flags.

   The optional services defined are:

   Delegation create.

        nameType  The (usually temporary) transfer of rights from initiator to
        acceptor, enabling Oid specifying the acceptor to authenticate itself as an
        agent namespace of the initiator.

   Mutual Authentication
        In addition to name supplied
                  in the initiator authenticating its identity byte array.  Note that nameType serves to
                  describe and qualify the
        context acceptor, interpretation of the context acceptor should also authenticate
        itself to input
                  name byte array, it does not necessarily imply a type
                  for the initiator.

   Replay Detection
        In addition to providing message integrity services, GSSContext
        per-message operations of getMIC and wrap should include message
        numbering information  to enable verifyMIC and unwrap output IGSSName implementation. "null" value
                  can be used to detect
        if specify that a message has been duplicated.

   Out-of-Sequence Detection
        In addition to providing message integrity services, GSSContext
        per-message operations  (getMIC and wrap) mechanism specific
                  default syntax should include message
        sequencing information to enable verifyMIC and unwrap be assumed by each mechanism
                  that examines the byte array.

        mechType  Oid specifying the mechanism for which this name
                  should be created.

7.1.5.  createCredential

   public IGSSCredential createCredential (int usage)
                   throws GSSException

   Factory method for acquiring default credentials.  This will cause
   the GSS-API to detect
        if a message has been received out use system specific defaults for the set of sequence.

   Anonymous Authentication
   mechanisms, name, and an INDEFINITE lifetime.

   Parameters:

        usage     The establishment intended usage for this credential object.  The
                  value of this parameter must be one of:
                  IGSSCredential.ACCEPT_AND_INITIATE,
                  IGSSCredential.ACCEPT_ONLY,
                  IGSSCredential.INITIATE_ONLY

7.1.6.  createCredential

   public IGSSCredential createCredential (IGSSName aName,
                   int lifetime, Oid mechOid, int usage)
                   throws GSSException

   Factory method for acquiring a single mechanism credential.

   Parameters:

        aName     Name of the security context should not reveal the
        initiator's identity principal for whom this credential is to
                  be acquired.  Use "null" to specify the context acceptor.

   Some mechanisms may not support all optional services, and some
   mechanisms may only support some services in conjunction with others. default
                  principal.

        lifetime  The GSSContext class offers query methods number of seconds that credentials should remain
                  valid.  Use IGSSCredential.INDEFINITE to allow request that
                  the verification
   by credentials have the calling application maximum permitted lifetime.

        mechOid   The oid of which services will be available from the context when the establishment phase is complete.  In general, if desired mechanism.  Use "(Oid) null" to
                  request the security mechanism is capable default mechanism(s).

        usage     The intended usage for this credential object.  The
                  value of providing a requested service,
   it should do so even if additional services this parameter must be enabled one of:
                  IGSSCredential.ACCEPT_AND_INITIATE,
                  IGSSCredential.ACCEPT_ONLY,
                  IGSSCredential.INITIATE_ONLY

7.1.7.  createCredential

   public IGSSCredential createCredential(IGSSName aName,
                   int lifetime, Oid mechs[], int usage)
                   throws GSSException

   Factory method for acquiring credentials over a set of mechanisms.
   Acquires credentials for each of the mechanisms specified in order
   to provide the requested service. If
   array called mechs.  To determine the mechanism is incapable list of
   providing a requested service, it should proceed without mechanisms' for which
   the service
   leaving acquisition of credentials succeeded, the application to abort caller should use the context establishment process if
   it considers
   IGSSCredential.getMechs() method.

   Parameters:

        aName     Name of the requested service principal for whom this credential is to
                  be mandatory.

   Some mechanisms may acquired.  Use "null" to specify the default
                  principal.

        lifetime  The number of seconds that support for some services is
   optional, and credentials should remain
                  valid.  Use IGSSCredential.INDEFINITE to request that implementors
                  the credentials have the maximum permitted lifetime.

        mechOid   The array of mechanisms over which the mechanism need not provide it.
   This credential is most commonly true
                  to be acquired.  Use "(Oid[]) null" for requesting a
                  system specific default set of the confidentiality service, often
   because mechanisms.

        usage     The intended usage for this credential object.  The
                  value of legal restrictions this parameter must be one of:
                  IGSSCredential.ACCEPT_AND_INITIATE,
                  IGSSCredential.ACCEPT_ONLY,
                  IGSSCredential.INITIATE_ONLY

7.1.8.  createContext

   public IGSSContext createContext(IGSSName peer, Oid mechOid,
                   IGSSCredential myCred, int lifetime)
                   throws GSSException

   Factory method for creating a context on the use of data-encryption, but initiator's side.
   Context flags may
   apply be modified through the mutator methods prior to any
   calling IGSSContext.initSecContext().

   Parameters:

        peer      Name of the services.  Such mechanisms are required target peer.

        mechOid   Oid of the desired mechanism.  Use "(Oid) null" to send
   at least one token from acceptor
                  request default mechanism.

        myCred    Credentials of the initiator.  Use "null" to act as a
                  default initiator during context
   establishment when principal.

        lifetime  The request lifetime, in seconds, for the initiator indicates a desire to use such credential.

7.1.9.  createContext

   public IGSSContext createContext(IGSSCredential myCred)
                   throws GSSException

   Factory method for creating a
   service, so that context on the initiating GSS-API can correctly indicate
   whether acceptor' side.  The
   context's properties will be determined from the service is supported by input token supplied
   to the acceptor's GSS-API.

5.1.  Delegation accept method.

   Parameters:

        myCred    Credentials for the acceptor.  Use "null" to act as a
                  default acceptor principal.

7.1.10.  createContext

   public IGSSContext createContext(byte [] interProcessToken)
                   throws GSSException

   Factory method for creating a previously exported context.  The GSS-API allows delegation to
   context properties will be controlled by determined from the initiating
   application via input token and can't
   be modified through the requestCredDeleg method before set methods.

   Parameters:

        interProcessToken
                  The token previously emitted from the first call to
   init has been issued.  Some mechanisms do not support delegation, and export method.

7.1.11.  getMechs

   public Oid[] getMechs()
   Returns an array of Oid objects, one for such each mechanism available
   through this GSS-API implementation.  A "null" value is returned when
   no mechanism are available (an example of this would be when
   mechanism are dynamically configured, and currently no mechanisms attempts by an application to enable delegation are ignored.

   The acceptor
   installed).

7.1.12.  getMechsForName

   public Oid[] getMechsForName(Oid nameType)

   Returns an array of a security context, Oid objects, one for which the initiator enabled
   delegation, can check if delegation was enabled by using the
   getCredDelegState method of each mechanism that supports
   the GSSContext class.  In cases specific namespace type.  "null" is returned when it
   is, no mechanisms
   are found to support the delegated credential specified namespace type.

   Parameters:

        nameType  The Oid object can be obtained for the namespace type

7.1.13.  getNamesForMech

   public Oid[] getNamesForMech(Oid mech) throws GSSException

   Returns the Oid's for the various types of namespaces that are
   supported by calling the
   getDelegCred method. specified mechanism.

   Parameters:

        mech      The obtained GSSCredential object may then be
   used Oid for the mechanism to initiate subsequent query.

7.2.  public interface IGSSName extends java.security.Principal

   This interface encapsulates a single GSS-API security contexts as an agent or
   delegate of the initiator.  If the original initiator's identity is
   "A" principal entity.
   Different name formats and their definitions are identified with
   universal Object Identifiers (Oids).  The format of the delegate's identity is "B", then, depending names can be
   derived based on the
   underlying mechanism, unique oid of its namespace type.

   This interface extends the identity embodied by java.security.Principal interface which
   represents the delegated
   credential more abstract notion of an entity in Java.  With
   IGSSName extending this standard java interface, we achieve a tighter
   integration of GSS-API names with java objects.  Applications may use
   this to their benefit in instances where a GSS name can be either "A" or "B acting passed as
   a java security name, for A".

   For many mechanisms that support delegation, instance, to a simple boolean does
   not provide enough control.  Examples repository of additional aspects principal
   names.

   The java.security.Principal.getName() method of
   delegation control that a mechanism might provide class implementing
   the IGSSName interface is expected to an application
   are duration of delegation, network addresses from return the same String as the
   toString() method would, which delegation is valid, and constraints on the tasks that may be performed by equivalent of the
   gss_display_name() call.

7.2.1.  Static Constants

   public static final Oid NT_HOSTBASED_SERVICE

   Oid indicating a
   delegate.  Such controls host-based service name form.  It is used to
   represent services associated with host computers.  This name form is
   constructed using two elements, "service" and "hostname", as follows:

        service@hostname

   Values for the "service" element are presently outside registered with the scope of IANA. It
   represents the GSS-
   API.  GSS-API implementations supporting mechanisms offering
   additional controls should provide extension routines that allow
   these controls following value: { 1(iso), 3(org), 6(dod),
   1(internet), 5(security), 6(nametypes), 2(gss-host-based-services) }

   public static final Oid NT_USER_NAME

   Name type to indicate a named user on a local system.  It represents
   the following value: { iso(1) member-body(2) United States(840)
   mit(113554) infosys(1) gssapi(2) generic(1) user_name(1) }

   public static final Oid NT_MACHINE_UID_NAME

   Name type to be exercised (perhaps by modifying the initiator's
   GSS-API credential object prior indicate a numeric user identifier corresponding to its use in establishing a
   context).  However,
   user on a local system. (e.g. Uid).  It represents the simple delegation control provided by GSS-API
   should always be able following
   value: { iso(1) member-body(2) United States(840) mit(113554)
   infosys(1) gssapi(2) generic(1) machine_uid_name(2) }

   public static final Oid NT_STRING_UID_NAME

   Name type to over-ride other mechanism-specific
   delegation controls.  If indicate a string of digits representing the application instructs numeric
   user identifier of a user on a local system. It represents the GSSContext
   object that delegation is not desired, then
   following value:  { iso(1) member-body(2) United States(840)
   mit(113554) infosys(1) gssapi(2) generic(1) string_uid_name(3) }

   public static final Oid NT_ANONYMOUS
   Name type for representing an anonymous entity. It represents the implementation must
   not permit delegation
   following value: { 1(iso), 3(org), 6(dod), 1(internet), 5(security),
   6(nametypes), 3(gss-anonymous-name) }

   public static final Oid NT_EXPORT_NAME

   Name type used to occur. This is indicate an exception to the general
   rule that a mechanism may enable services even if they are not
   requested - delegation may only be provided at exported name produced by the explicit request
   of export
   method. It represents the application.

5.2.  Mutual Authentication

   Usually, a context acceptor will require that a context initiator
   authenticate itself so that following value: { 1(iso), 3(org), 6(dod),
   1(internet), 5(security), 6(nametypes), 4(gss-api-exported-name) }

7.2.2.  equals

   public boolean equals(IGSSName another) throws GSSException

   Compares two IGSSName objects to determine whether they refer to the acceptor
   same entity.  This method may make an access-control
   decision prior to performing throw a service for GSSException when the initiator.  In some
   cases, names
   cannot be compared.  If either of the initiator may also request that names represents an anonymous
   entity, the acceptor authenticate
   itself.  GSS-API allows method will return "false".

   Parameters:

        another   GSSName object to compare with.

7.2.3.  equals

   public boolean equals(Object another)

   A variation of the initiating application equals method described in 7.2.2 that is provided
   to request this
   mutual authentication service by calling override the requestMutualAuth Object.equals() method
   of that the GSSContext implementing class with a "true" parameter before making the
   first call to init.
   will inherit.  The initiating application behaviour is informed as to
   whether or not exactly the context acceptor has authenticated itself.  Note same as that some mechanisms may not support mutual authentication, and other
   mechanisms may always perform mutual authentication, whether or not
   the initiating application requests it.  In particular, mutual
   authentication may in 7.2.2
   except that no GSSException is thrown; instead, false will be required by some mechanisms
   returned in order the situation where an error occurs.

   Parameters:

        another   GSSName object to support
   replay or out-of-sequence message detection, and for such mechanisms
   a request for either of these services will automatically enable
   mutual authentication.

5.3.  Replay and Out-of-Sequence Detection

   The GSS-API may provide detection of mis-ordered messages once compare with.

7.2.4.  canonicalize

   public IGSSName canonicalize(Oid mechOid) throws GSSException

   Creates a
   security context has been established.  Protection may be applied mechanism name (MN) from an arbitrary internal name.  This
   is equivalent to
   messages by either application, by calling either getMIC or wrap
   methods of the GSSContext class, and verified by using the peer application
   by calling verifyMIC factory methods described in 7.1.3 or unwrap for
   7.1.4 that take the peer's GSSContext object.

   getMIC calculates a cryptographic checksum mechanism name as one of an application message,
   and returns that checksum in a token. their parameters.

   Parameters:

        mechOid   The application should pass
   both the token and the message to oid for the peer application, authentication mechanism for which
   presents them to the verifyMIC method
                  canonical form of the peer's GSSContext
   object.

   wrap calculates name is requested.

7.2.5.  export

   public byte[] export() throws GSSException

   Returns a cryptographic checksum canonical contiguous byte representation of an application message,
   and places both the checksum and a mechanism
   name (MN), suitable for direct, byte by byte comparison by
   authorization functions.  If the message inside name is not an MN, implementations
   may throw a single token.
   The application should pass GSSException with the token NAME_NOT_MN status code.  If an
   implementation chooses not to the peer application, which
   presents throw an exception, it should use some
   system specific default mechanism to canonicalize the unwrap method of the peer's GSSContext object to
   extract the message name and verify the checksum.

   Either pair of routines may be capable of detecting out-of-sequence
   message delivery, or duplication of messages. Details of such mis-
   ordered messages are indicated through supplementary query methods then
   export it.  The format of the MessageProp object returned from each header of these routines.

   A mechanism need not maintain the outputted buffer is
   specified in RFC 2078.

7.2.6.  toString

   public String toString()

   Returns a list textual representation of all tokens that have been
   processed in order to support these status codes.  A typical
   mechanism might retain information about only the most recent "N"
   tokens processed, allowing it to distinguish duplicates and missing
   tokens within GSSName object.  To retrieve
   the most recent "N" messages; printed name format, which determines the receipt syntax of a token
   older than the most recent "N" would result in a isOldToken method returned
   string, the getStringNameType method can be used.

7.2.7.  getStringNameType

   public Oid getStringNameType() throws GSSException

   Returns the oid representing the type of name returned through the instance
   toString method.  Using this oid, the syntax of MessageProp to return "true".

5.4.  Anonymous Authentication

   In certain situations, an application may wish to initiate the
   authentication process to authenticate a peer, without revealing its
   own identity.  As printable name
   can be determined.

7.2.8.  isAnonymous

   public boolean isAnonymous()

   Tests if this name object represents an example, consider anonymous entity.  Returns
   "true" if this is an application providing
   access to a database containing medical information, anonymous name.

7.2.9.  isMN

   public boolean isMN()

   Tests if this name object contains only one mechanism element and offering
   unrestricted access to is
   thus a mechanism name as defined by RFC 2078.

7.3.  public interface IGSSCredential implements Cloneable

   This interface encapsulates the service. GSS-API credentials for an entity.  A client
   credential contains all the necessary cryptographic information to
   enable the creation of such a service might
   wish to authenticate context on behalf of the service (in order to establish trust in any entity that it
   represents.  It may contain multiple, distinct, mechanism specific
   credential elements, each containing information retrieved from it), for a specific
   security mechanism, but might not wish the service to be
   able all referring to obtain the client's identity (perhaps due same entity.

   A credential may be used to privacy concerns
   about the specific inquiries, perform context initiation, acceptance,
   or perhaps simply to avoid being placed both.

   GSS-API implementations must impose a local access-control policy on mailing-lists).

   In normal use of the GSS-API, the initiator's identity
   callers to prevent unauthorized callers from acquiring credentials to
   which they are not entitled.  GSS-API credential creation is made
   available not
   intended to provide a "login to the acceptor network" function, as such a result of
   function would involve the context establishment
   process. However, context initiators may request that their identity
   not be revealed creation of new credentials rather than
   merely acquiring a handle to the context acceptor. Many mechanisms do not
   support anonymous authentication, and for such mechanisms the request
   will not be honored.  An authentication token will still existing credentials.  Such functions,
   if required, should be
   generated, but defined in implementation-specific extensions
   to the application API.

   If credential acquisition is always informed if time-consuming for a requested
   service is unavailable, and has mechanism, the option
   mechanism may choose to abort context
   establishment if anonymity is valued above delay the other security
   services that would require a context to be established.

   In addition to informing actual acquisition until the application that a context
   credential is
   established anonymously (via required (e.g.  by IGSSContext).  Such mechanism-
   specific implementation decisions should be invisible to the isAnonymous method of calling
   application; thus the GSSContext
   class), query methods immediately following the getSrcName method
   creation of the acceptor's GSSContext a credential object
   will, for such contexts, must return a reserved internal-form name,
   defined by valid credential data,
   and may therefore incur the implementation.

   The toString method for overhead of a GSSName object representing an anonymous
   entity deferred credential
   acquisition.

   Applications will return create a printable name. credential object passing the desired
   parameters.  The returned value will be
   syntactically distinguishable from any valid principal name supported application can then use the query methods to obtain
   specific information about the instantiated credential object
   (equivalent to the gss_inquire routines).  When the credential is no
   longer needed, the application should call the dispose (equivalent to
   gss_release_cred) method to release any resources held by the implementation.  The associated name-type
   credential object identifier and to destroy any cryptographically sensitive
   information.

   Classes implementing this interface also implement the Cloneable
   interface. This indicates the the class will be an oid representing support the value clone()
   method that will allow the creation of NT_ANONYMOUS. duplicate credentials.  This name-type
   oid will be defined as
   is useful when called just before the add() call to retain a public, static Oid object copy of
   the GSSName
   class. The printable form of an anonymous name should original credential.

7.3.1.  Static Constants

   public static final int INITIATE_AND_ACCEPT

   Credential usage flag requesting that it be chosen such able to be used for both
   context initiation and acceptance.

   public static final int INITIATE_ONLY

   Credential usage flag requesting that it implies anonymity, since this name may appear in, be able to be used for
   example, audit logs.  For example, the string "<anonymous>" might
   context initiation only.

   public static final int ACCEPT_ONLY

   Credential usage flag requesting that it be
   a good choice, if no valid printable names supported by the
   implementation can begin with "<" and end with ">".

   When using the equal method of the GSSName class, and one of the
   operands is a GSSName instance able to be used for
   context acceptance only.

   public static final int INDEFINITE

   A lifetime constant representing an anonymous entity, the
   method indefinite credential lifetime.
   This value must return "false".

5.5.  Confidentiality

   If a GSSContext supports be set to the confidentiality service, wrap method maximum integer value in Java -
   Integer.MAX_VALUE.

7.3.2.  dispose

   public void dispose() throws GSSException

   Releases any sensitive information that the IGSSCredential object may
   be used containing.  Applications should call this method as soon as the
   credential is no longer needed to encrypt application messages.  Messages are selectively
   encrypted, under minimize the control of time any sensitive
   information is maintained.

7.3.3.  getName

   public IGSSName getName() throws GSSException
   Retrieves the setPrivacy method name of the
   MessageProp object used within entity that the wrap method.

5.6.  Inter-process Context Transfer

   GSS-API V2 provides functionality which allows credential asserts.

7.3.4.  getName

   public IGSSName getName(Oid mechOID) throws GSSException

   Retrieves a security context mechanism name of the entity that the credential asserts.
   Equivalent to
   be transferred between processes calling canonicalize() on a single machine.  These are
   implemented using the export method of GSSContext and a byte array
   constructor of the same class. name returned by 7.3.3.

   Parameters:

        mechOID   The most common use mechanism for such a
   feature is a client-server design where the server is implemented as
   a single process that accepts incoming security contexts, which then
   launches child processes to deal with information should be
                  returned.

7.3.5.  getRemainingLifetime

   public int getRemainingLifetime() throws GSSException

   Returns the data on these contexts.  In
   such remaining lifetime in seconds for a design, the child processes must have access to credential.  The
   remaining lifetime is the security
   context object created within minimum lifetime for any of the parent so underlying
   credential mechanisms.  A return value of IGSSCredential.INDEFINITE
   indicates that they can use per-
   message protection services and delete the security context when the
   communication session ends.

   Since credential does not expire.  A return value of 0
   indicates that the security context data structure is expected to contain
   sequencing information, it credential is impractical in general to share a
   context between processes.  Thus GSSContext class provides an export
   method that already expired.

7.3.6.  getRemainingInitLifetime

   public int getRemainingInitLifetime(Oid mech) throws GSSException

   Returns the process, which currently owns remaining lifetime is seconds for the context, can call credential to declare
   remain capable of initiating security contexts under the specified
   mechanism.  A return value of IGSSCredential.INDEFINITE indicates
   that it has no intention to use the credential does not expire for context subsequently,
   and to create an inter-process token containing initiation.  A return
   value of 0 indicates that the credential is already expired.

   Parameters:

        mechOID   The mechanism for which information needed by should be
                  returned.

7.3.7.  getRemainingAcceptLifetime

   public int getRemainingAcceptLifetime(Oid mech) throws GSSException

   Returns the adopting process remaining lifetime is seconds for the credential to successfully re-create
   remain capable of accepting security contexts under the context.  After
   successful completion specified
   mechanism.  A return value of export, IGSSCredential.INDEFINITE indicates
   that the original security credential does not expire for context acceptance.  A return
   value of 0 indicates that the credential is
   made inaccessible to already expired.

   Parameters:

        mechOID   The mechanism for which information should be
                  returned.

7.3.8.  getUsage

   public int getUsage() throws GSSException

   Returns the calling process by GSS-API and any further credential usage flag.  The return value will be one of this object
   IGSSCredential.INITIATE_ONLY, IGSSCredential.ACCEPT_ONLY, or
   IGSSCredential.INITIATE_AND_ACCEPT.

7.3.9.  getUsage

   public int getUsage(Oid mechOID) throws GSSException

   Returns the credential usage flag for the specified credential
   mechanism.  The return value will result in failures. be one of
   IGSSCredential.INITIATE_ONLY, IGSSCredential.ACCEPT_ONLY, or
   IGSSCredential.INITIATE_AND_ACCEPT.

   Parameters:

        mechOID   The originating
   process transfers mechanism for which information should be
                  returned.

7.3.10.  getMechs

   public Oid[] getMechs() throws GSSException

   Returns an array of mechanisms supported by this credential.

7.3.11.  add

   public void add(GSSName aName, int initLifetime, int acceptLifetime,
                   Oid mech, int usage) throws GSSException

   Adds a mechanism specific credential-element to an existing
   credential.  This method allows the inter-process token construction of credentials one
   mechanism at a time.

   This routine is envisioned to be used mainly by context acceptors
   during the adopting process, creation of acceptance credentials which creates are to be used
   with a new GSSContext object variety of clients using different security mechanisms.

   This routine adds the byte array
   constructor.  The properties of new credential element "in-place".  To add the context are equivalent
   element in a new credential, first call clone() to that obtain a copy of
   this credential, then call its add() method.

   Parameters:

        aName     Name of the original context.

   The inter-process token may contain sensitive data from the original
   security context (including cryptographic keys). Applications using
   inter-process tokens to transfer security contexts must take
   appropriate steps principal for whom this credential is to protect these tokens in transit.

   Implementations are not required
                  be acquired. Use "null" to support specify the inter-process
   transfer default
                  principal.

        initLifetime
                  The number of seconds that credentials should remain
                  valid for initiating of security contexts.  Calling  Use
                  GSSCredential.INDEFINITE to request that the isTransferable method
                  credentials have the maximum permitted lifetime.

        acceptLifetime
                  The number of seconds that credentials should remain
                  valid for accepting of security contexts.  Use
                  GSSCredential.INDEFINITE to request that the GSSContext class will indicate if
                  credentials have the context object is
   transferable.

5.7. maximum permitted lifetime.

        mechOid   The Use of Incomplete Contexts

   Some mechanisms may allow over which the per-message services credential is to be used before
   the context establishment process is complete.  For example, a
   mechanism may include sufficient information in its initial context-
   level tokens
                  acquired.

        usage     The intended usage for this credential object. The
                  value of this parameter must be one of:
                  GSSCredential.ACCEPT_AND_INITIATE,
                  GSSCredential.ACCEPT_ONLY, GSSCredential.INITIATE_ONLY

7.3.12.  equals

   public boolean equals(Object another)

   Tests if this IGSSCredential refers to the same entity as the
   supplied object.  The two credentials must be acquired over the context acceptor same
   mechanisms and must refer to immediately decode messages
   protected with wrap or getMIC.  For such a mechanism, the initiating
   application need not wait until subsequent context-level tokens have
   been sent and received before invoking same principal.  Returns "true" if
   the per-message protection
   services.

   An application can invoke two GSSCredentials refer to the isProtReady method of same entity; "false" otherwise.

   Parameters:

        another   Another IGSSCredential object for comparison.

7.4.  public interface IGSSContext

   This interface encapsulates the GSSContext
   class to determine if GSS-API security context and provides
   the per-message security services (wrap, unwrap, getMIC, verifyMIC) that are
   available in
   advance of complete context establishment.  Applications wishing to
   use per-message protection services on partially-established over the context.  Security contexts
   should query this method before attempting to invoke wrap or getMIC.

6.  Detailed GSS-API Class Description

   This section lists are established
   between peers using locally acquired credentials.  Multiple contexts
   may exist simultaneously between a detailed description pair of all peers, using the public methods
   that each same or
   different set of the credentials.  GSS-API classes must provide.

6.1.  public class GSSName

   An object of this class encapsulates functions in a single GSS-API principal
   entity. Different name formats manner
   independent of the underlying transport protocol and their definitions are identified
   with universal Object Identifiers (Oids). The format depends on its
   calling application to transport its tokens between peers.

   Before the context establishment phase is initiated, the context
   initiator may request specific characteristics desired of the names
   established context.  These can be derived based on set using the unique oid of each name type.

6.1.1.  Example Code

   Included below are code examples utilizing set methods.  After
   the context is established, the caller can check the actual
   characteristic and services offered by the GSSName object. context using the query
   methods.

   The
   code below creates a GSSName object, converts it context establishment phase begins with the first call to a mechanism name
   (MN), performs a comparison, obtains a printable representation of the name, exports it
   init method by the context initiator.  During this phase the
   initSecContext and then re-imports acceptSecContext methods will produce GSS-API
   authentication tokens which the calling application needs to obtain a new GSSName
   object.

   //create send to
   its peer.  If an oid object for Kerberos v5
   Oid krb5 = new Oid("1.2.840.113554.1.2.2");

   //create a service name, error occurs at any point, an exception will get
   thrown and convert it to the code will start executing in a mechanism name
   GSSName aName = new GSSName("service@host",
                           GSSName.NT_HOSTBASED_SERVICE);
   GSSName mechName = aName.canonicalize(krb5);

   //the above two steps are equivalent to catch block.  If not,
   the following constructor
   GSSName mechName = new GSSName("service@host",
                           GSSName.NT_HOSTBASED_SERVICE,
                           krb5);

   //perform name comparison
   if (aName.equals(mechName))
           print("Names are equals.");

   //obtain textual representation normal flow of name and its printable
   //name type
   print(mechName.toString() +
                   mechName.getStringNameType().toString());

   //export code continues and re-import the name
   byte [] exportName = mechName.export();

   //create application can make a new name object from call
   to the exported buffer
   GSSName newName = new GSSName(exportName,
                           GSSName.NT_EXPORT_NAME);

6.1.2.  Class Constants

   public static final Oid NT_HOSTBASED_SERVICE

   Oid indicating isEstablished() method.  If this method returns false it
   indicates that a host-based service name form. It token is used needed from its peer in order to
   represent services associated with host computers. This name form continue
   the context establishment phase.  A return value of true signals that
   the local end of the context is
   constructed using two elements, "service" and "hostname", as follows:

        service@hostname

   Values for established.  This may still require
   that a token be sent to the "service" element are registered with peer, if one is produced by GSS-API.
   During the IANA. It
   represents context establishment phase, the following value: { 1(iso), 3(org), 6(dod),
   1(internet), 5(security), 6(nametypes), 2(gss-host-based-services) }

   public static final Oid NT_USER_NAME

   Name type isProtReady() method may
   be called to indicate a named user on a local system.  It represents determine if the following value: { iso(1) member-body(2) United States(840)
   mit(113554) infosys(1) gssapi(2) generic(1) user_name(1) }
   public static final Oid NT_MACHINE_UID_NAME

   Name type to indicate a numeric user identifier corresponding context can be used for the per-message
   operations.  This allows applications to a
   user use per-message operations
   on a local system. (e.g. Uid).  It represents contexts which aren't fully established.

   After the following
   value: { iso(1) member-body(2) United States(840) mit(113554)
   infosys(1) gssapi(2) generic(1) machine_uid_name(2) }

   public static final Oid NT_STRING_UID_NAME

   Name type context has been established or the isProtReady() method
   returns "true", the query routines can be invoked to indicate a string determine the
   actual characteristics and services of digits representing the numeric
   user identifier established context.  The
   application can also start using the per-message methods of a user wrap and
   getMIC to obtain cryptographic operations on a local system. It represents application supplied
   data.

   When the
   following value:  { iso(1) member-body(2) United States(840)
   mit(113554) infosys(1) gssapi(2) generic(1) string_uid_name(3) }

   public static final Oid NT_ANONYMOUS

   Name type for representing an anonymous entity. It represents context is no longer needed, the
   following value: { 1(iso), 3(org), 6(dod), 1(internet), 5(security),
   6(nametypes), 3(gss-anonymous-name) } application should call
   dispose to release any system resources the context may be using.

7.4.1.  Static Constants

   public static final Oid NT_EXPORT_NAME

   Name type used int INDEFINITE

   A lifetime constant representing indefinite context lifetime.  This
   value must be set to indicate an exported name produced by the export
   method. It represents the following value: { 1(iso), 3(org), 6(dod),
   1(internet), 5(security), 6(nametypes), 4(gss-api-exported-name) }

6.1.3.  Constructors maximum integer value in Java -
   Integer.MAX_VALUE.

7.4.2.  initSecContext

   public GSSName(String nameStr, Oid type) byte[] initSecContext(byte inputBuf[], int offset, int len)
                   throws GSSException

   Converts a contiguous string name

   Called by the context initiator to a GSSName object of start the
   specified type. The nameStr parameter context creation
   process.  This is interpreted based on equivalent to the
   type specified.  In general, stream based method except that
   the GSSName object created will not be token buffers are handled as byte arrays instead of using stream
   objects.  This method may return an MN; output token which the exception
   application will need to this is if the type parameter indicates
   NT_EXPORT_NAME.

   Parameters:

        nameStr   The string representing the name send to create.

        type      Oid specifying type of the printable name supplied. peer for processing by the
   accept call.  "null" return value can be used indicates that no token needs to specify a default
                  printable syntax.

   public GSSName(byte name[], Oid type) throws GSSException

   Converts a contiguous byte name be
   sent to a GSSName object of the specified
   type. peer.  The name parameter is interpreted based on application can call isEstablished() to
   determine if the type specified.
   This constructor context establishment phase is provided complete for use with names that aren't expressed
   as printable strings (for example, names this
   peer.  A return value of type NT_EXPORT_NAME).  In
   general, the GSSName object created will not "false" from isEstablished() indicates that
   more tokens are expected to be an MN.

   Parameters:

        name      The byte array representing supplied to the initSecContext()
   method.  Note that it is possible that the initSecContext() method
   return a token for the peer, and isEstablished() return "true" also.
   This indicates that the name token needs to create.

        type      Oid specifying the type of name supplied. "null" value
                  can be used to specify a default syntax.

   public GSSName(String nameStr, Oid nameType, Oid mechType)
                                   throws GSSException

   Converts a contiguous string name sent to a GSSName object the peer, but the
   local end of the
   specified type. The nameStr parameter context is interpreted based on now fully established.

   Upon completion of the
   type specified. context establishment, the available context
   options may be queried through the get methods.

   Parameters:

        inputBuf  Token generated by the peer. This constructor parameter is provided to allow ignored
                  on the creation of
   mechanism-specific names without having to call canonicalize.

   Parameters:

        nameStr first call.

        offset    The string representing offset within the name to create.

        nameType  Oid specifying type inputBuf where the token begins.

        len       The length of the printable name supplied.
                  "null" value can be used to specify token within the inputBuf (starting
                  at the offset).

7.4.2.1.  Example Code

   // Create a default
                  printable syntax.

        mechType  Oid specifying new IGSSContext implementation object.
   // GSSContext wrapper implements interface IGSSContext.
   IGSSContext context = new GSSContext(...);

   byte []inTok = new byte[0];

   try {

           do {
                   byte[] outTok = context.initSecContext(inTok, 0,
                                           inTok.length);

                   // send the mechanism for which this name token if present
                   if (outTok != null)
                           sendToken(outTok);

                   // check if we should be created. "null" value can be used to specify
                  the default mechanism. expect more tokens
                   if (context.isEstablished())
                           break;

                   // another token expected from peer
                   inTok = readToken();
           } while (true);

   } catch (GSSException e) {
           print("GSSAPI error: " + e.getMessage());
   }

7.4.3.  initSecContext

   public GSSName(byte name[], Oid nameType, Oid mechType) int initSecContext(InputStream inStream,
                   OutputStream outStream) throws GSSException

   Converts a contiguous byte name to a GSSName object of

   Called by the specified
   type. The name parameter is interpreted based on context initiator to start the type specified. context creation
   process.  This constructor is provided equivalent to be used with names that aren't
   expressed as printable strings.  It allows the creation of
   mechanism-specific names without having to call canonicalize.

   Parameters:

        name      The byte array representing the name based method.  This
   method may write an output token to create.

        type      Oid specifying the type of name supplied. "null" value
                  can be used outStream, which the
   application will need to send to specify a default syntax.

        mechType  Oid specifying the mechanism peer for which this name
                  should be created. "null" value can be used processing by the
   accept call. 0 bytes written to specify the default mechanism.

6.1.4.  equals

   public boolean equals(Object another)

   Compares two GSSName objects output stream indicate that no
   token needs to determine whether they refer be sent to the
   same entity.  If either of peer.  The application can call
   isEstablished() to determine if the names context establishment phase is of the NT_ANONYMOUS type,
   complete for this call will return "false".

   Parameters:

        another   GSSName object to compare with.

6.1.5.  equals

   public boolean equals(GSSName another) throws GSSException peer.  A variation return value of equals method which may throw a GSSException when the
   names cannot "false" from isEstablished
   indicates that more tokens are expected to be compared. If either of supplied to the names represents an
   anonymous entity,
   initSecContext method.  Note that it is possible that the
   initSecContext() method will return "false".

   Parameters:

        another   GSSName object to compare with.

6.1.6.  canonicalize

   public GSSName canonicalize(Oid mechOid) throws GSSException

   Creates a mechanism name (MN) from an arbitrary internal name. token for the peer, and
   isEstablished() return "true" also.  This
   is equivalent to using a constructor which takes indicates that the mechanism name
   as one of its parameters.

   Parameters:

        mechOid   The oid for token
   needs to be sent to the authentication mechanism for which peer, but the
                  canonical form local end of the name context is requested.

6.1.7.  export

   public byte[] export() throws GSSException

   Returns a canonical contiguous byte representation of a mechanism
   name (MN), suitable for direct, byte by byte comparison by
   authorization functions. now
   fully established.

   The name must GSS-API authentication tokens contain a MN before calling this
   method. The format definitive start and end.
   This method will attempt to read one of these tokens per invocation,
   and may block on the header stream if only part of the outputted buffer token is specified
   in RFC 2078.

6.1.8.  toString

   public String toString()

   Returns a textual representation available.

   Upon completion of the GSSName object. To retrieve
   the printed name format, which determines context establishment, the syntax of available context
   options may be queried through the returned
   string, get methods.

   Parameters:

        inStream  Contains the getStringNameType method can be used.

6.1.9.  getStringNameType

   public Oid getStringNameType() throws GSSException

   Returns token generated by the oid representing peer. This
                  parameter is ignored on the type of name returned through first call.

        outStream Output stream where the
   toString method. Using this oid, output token will be written.
                  During the syntax final stage of the printable name can context establishment, there
                  may be determined.

6.1.10.  clone

   public Object clone() throws CloneNotSupportedException

   Creates no bytes written.

7.4.3.1.  Example Code

   // Create a duplicate copy of this name.

6.1.11.  isAnonymous

   public boolean isAnonymous()

   Tests new IGSSContext implementation object.
   // GSSContext wrapper implements interface IGSSContext.
   IGSSContext context = new GSSContext(...);

   // use standard java.io stream objects
   ByteArrayOutputStream os = new ByteArrayOutputStream();
   ByteArrayInputStream is = null;

   try {

           do {
                   context.init(is, os);

                   // send token if this name object represents an anonymous entity. Returns
   "true" present
                   if (os.size() > 0)
                           sendToken(os);

                   // check if we should expect more tokens
                   if this (context.isEstablished())
                           break;
                   // another token expected from peer
                   is an anonymous name.

6.2. = recvToken();

           } while (true);

   } catch (GSSException e) {
           print("GSSAPI error: " + e.getMessage());
   }

7.4.4.  acceptSecContext

   public class GSSCredential

   This class manages GSS-API credentials and their associated
   operations. A credential contains all the necessary cryptographic
   information to enable byte[] acceptSecContext(byte inTok[], int offset, int len)
                   throws GSSException

   Called by the creation of a context on behalf of the
   entity that it represents. It may contain multiple, distinct,
   mechanism specific credential elements, each containing information
   for acceptor upon receiving a specific security mechanism, but all referring token from the peer.
   This call is equivalent to the same
   entity.

   A credential stream based method except that the
   token buffers are handled as byte arrays instead of using stream
   objects.

   This method may be used to perform context initiation, acceptance,
   or both.

   GSS-API implementations must impose a local access-control policy on
   callers return an output token which the application will
   need to prevent unauthorized callers from acquiring credentials send to
   which they are not entitled.  GSSCredential creation is not intended the peer for further processing by the init call.
   "null" return value indicates that no token needs to provide a "login be sent to the network" function, as such a function
   would involve
   peer.  The application can call isEstablished() to determine if the creation
   context establishment phase is complete for this peer.  A return
   value of new credentials rather than merely
   acquiring a handle "false" from isEstablished() indicates that more tokens are
   expected to existing credentials.  Such functions, if
   required, should be defined in implementation-specific extensions supplied to
   the API.

   If credential acquisition this method.

   Note that it is time-consuming for possible that acceptSecContext() return a mechanism, token for
   the
   mechanism may choose peer, and isEstablished() return "true" also.  This indicates
   that the token needs to be sent to delay the actual acquisition until peer, but the
   credential local end of the
   context is required (e.g. by now fully established.

   Upon completion of the GSSContext object). Such
   mechanism-specific implementation decisions should context establishment, the available context
   options may be invisible to queried through the calling application; thus get methods.

   Parameters:

        inTok     Token generated by the query methods immediately following peer.

        offset    The offset within the creation of a credential object must return valid credential
   data, and may therefore incur inTok where the overhead token begins.

        len       The length of a deferred credential
   acquisition.

   Applications will the token within the inTok (starting at
                  the offset).

7.4.4.1.  Example Code

   // acquire server credentials
   IGSSCredential server = new GSSCredential(...);

   // create acceptor GSS-API context fromthe default provider
   IGSSContext context = new GSSContext(server, null);

   try {
           do {
                   byte [] inTok = readToken();

                   byte []outTok = context.accept(inTok, 0,
                                           inTok.length);

                   // possibly send token to peer
                   if (outTok != null)
                           sendToken(outTok);

                   // check if local context establishment is complete
                   if (context.isEstablished())
                           break;
           } while (true);

   } catch (GSSException e) {
           print("GSS-API error: " + e.getMessage());
   }

7.4.5.  acceptSecContext

   public void acceptSecContext(InputStream inStream,
                   OutputStream outStream) throws GSSException

   Called by the context acceptor upon receiving a GSSCredential object passing token from the desired
   parameters. The application can then use peer.
   This call is equivalent to the query methods byte array method.  It may write an
   output token to obtain
   specific information about the instantiated credential object
   (equivalent outStreamf, which the application will need to
   send to the gss_inquire routines). When peer for processing by its initSecContext method. 0 bytes
   written to the credential is output stream indicate that no
   longer needed, token needs to be sent
   to the peer.  The application should can call isEstablished() to determine
   if the dispose (equivalent context establishment phase is complete for this peer.  A
   return value of "false" from isEstablished() indicates that more
   tokens are expected to
   gss_release_cred) method be supplied to release any resources held by this method.

   Note that it is possible that acceptSecContext() return a token for
   the
   credential object peer, and to destroy any cryptographically sensitive
   information.

6.2.1.  Example Code isEstablished() return "true" also.  This example code demonstrates indicates
   that the creation token needs to be sent to the peer, but the local end of the
   context is now fully established.

   The GSS-API authentication tokens contain a GSSCredential object
   for a specific entity, querying definitive start and end.
   This method will attempt to read one of its fields, these tokens per invocation,
   and its release when
   it is no longer needed.

   //start by creating a name object for the entity
   GSSName aName = new GSSName("userName", GSSName.NT_USER_NAME);

   GSSCredential entity = new GSSCredential(
                   aName,
                   GSSCredential.ACCEPT_ONLY);

   //display credential information - name, remaining lifetime,
   //and may block on the mechanisms it has been acquired over
   print(entity.getGSSName().toString());
   print(entity.getRemainingLifetime());

   Oid [] mechs = entity.getMechs(); stream if (mechs != null) {
           for (int i = 0; i < mechs.length; i++)
                   print(mechs[i].toString());
   }

   //release system resources held by only part of the token is available.

   Upon completion of the credential
   entity.dispose();

6.2.2.  Class Constants

   public static final int INITIATE_AND_ACCEPT

   Credential usage flag requesting that it be able to be used for both context initiation and acceptance.

   public static final int INITIATE_ONLY

   Credential usage flag requesting that it establishment, the available context
   options may be able to queried through the get methods.

   Parameters:

        inStream  Contains the token generated by the peer.

        outStream Output stream where the output token will be used for
   context initiation only.

   public static written.
                  During the final int ACCEPT_ONLY

   Credential usage flag requesting that it stage of context establishment, there
                  may be able no bytes written.

7.4.5.1.  Example Code

   // acquire server credentials
   IGSSCredential server = new GSSCredential(...);

   // create acceptor GSS-API context fromthe default provider
   IGSSContext context = new GSSContext(server, null);

   // use standard java.io stream objects
   ByteArrayOutputStream os = new ByteArrayOutputStream();
   ByteArrayInputStream is = null;

   try {
           do {

                   is = recvToken();

                   context.acceptSecContext(is, os);

                   // possibly send token to be used for peer
                   if (os.size() > 0)
                           sendToken(os);

                   // check if local context acceptance only. establishment is complete
                   if (context.isEstablished())
                           break;
           } while (true);
   } catch (GSSException e) {
           print("GSS-API error: " + e.getMessage());
   }

7.4.6.  isEstablished

   public static final int INDEFINITE

   A lifetime constant representing indefinite credential lifetime.
   This value must be set boolean isEstablished()

   Used during context establishment to determine the maximum integer value in Java -
   Integer.MAX_VALUE.

6.2.3.  Constructors

   public GSSCredential(int usage) throws GSSException
   Constructor for default credentials.  This will use the default
   mechanism, name, and an INDEFINITE lifetime.

   Parameters are:

        usage     The intended usage for this credential object. The
                  value state of the
   context.  Returns "true" if this parameter must is a fully established context on
   the caller's side and no more tokens are needed from the peer.
   Should be one of:
                  GSSCredential.ACCEPT_AND_INITIATE,
                  GSSCredential.ACCEPT_ONLY, GSSCredential.INITIATE_ONLY called after a call to initSecContext() or
   acceptSecContext() when no GSSException is thrown.

7.4.7.  dispose

   public GSSCredential(GSSName aName, int usage) void dispose() throws GSSException

   Constructor for default mechanism credential. Uses default mechanism
   and INDEFINITE lifetime.

   Parameters are:

        aName     Name of the principal for whom this credential is to
                  be acquired.

        usage     The intended usage for this credential

   Releases any system resources and cryptographic information stored in
   the context object. The
                  value of this parameter must be one of:
                  GSSCredential.ACCEPT_AND_INITIATE,
                  GSSCredential.ACCEPT_ONLY, GSSCredential.INITIATE_ONLY  This will invalidate the context.

7.4.8.  getWrapSizeLimit

   public GSSCredential(GSSName aName, int lifetime, Oid mechOid, getWrapSizeLimit(int qop, boolean confReq,
                   int usage) maxTokenSize) throws GSSException

   Constructor

   Returns the maximum message size that, if presented to the wrap
   method with the same confReq and qop parameters, will result in an
   output token containing no more than the maxTokenSize bytes.

   This call is intended for use by applications that communicate over
   protocols that impose a single mechanism credential. "null" maximum message size.  It enables the
   application to fragment messages prior to applying protection.

   GSS-API implementations are recommended but not required to detect
   invalid QOP values when getWrapSizeLimit is called.  This routine
   guarantees only a maximum message size, not the availability of
   specific QOP values can be
   specified for name and mechanism message protection.

   Successful completion of this call does not guarantee that wrap will
   be able to obtain system specific defaults.

   Parameters:

        aName     Name protect a message of the principal for whom computed length, since this credential
   ability may depend on the availability of system resources at the
   time that wrap is to
                  be acquired. Use "null" to specify called.  However, if the default
                  principal.

        lifetime  The number implementation itself
   imposes an upper limit on the length of seconds messages that credentials may be
   processed by wrap, the implementation should remain
                  valid.  Use GSSCredential.INDEFINITE to request not return a value that
   is greater than this length.

   Parameters:

        qop       Indicates the credentials have the maximum permitted lifetime.

        mechOid level of protection wrap will be asked
                  to provide.

        confReq   Indicates if wrap will be asked to provide privacy
                  service.

        maxTokenSize
                  The oid of the desired mechanism.

        usage     The intended usage for this credential object. The
                  value maximum size of this parameter must be one of:
                  GSSCredential.ACCEPT_AND_INITIATE,
                  GSSCredential.ACCEPT_ONLY, GSSCredential.INITIATE_ONLY the token emitted by wrap.

7.4.9.  wrap

   public GSSCredential(GSSName aName, byte[] wrap(byte inBuf[], int lifetime, Oid mechs[], offset, int usage) len,
                   MessageProp msgProp) throws GSSException

   Constructor for a credential

   Applies per-message security services over the established security
   context.  The method will return a set of mechanisms. Acquires
   credentials for each of token with a cryptographic MIC and
   may optionally encrypt the mechanisms specified inBuf.  This method is
   equivalent in mechs array.
   "null" value can be used for aName functionality to obtain system specific default.
   To determine which mechanism's acquisition of its stream counterpart.  The returned
   byte array will contain both the credential was
   successful use MIC and the getMechs method.  This call message.

   The MessageProp object is equivalent instantiated by the application and used to
   creating
   specify a single mechanism credential QOP value which selects cryptographic algorithms, and using addCred a
   privacy service to extend optionally encrypt the credential over other mechanisms.

   Parameters:

        aName     Name of message.  The underlying
   mechanism that is used in the principal for whom call may not be able to provide the
   privacy service.  It sets the actual privacy service that it does
   provide in this credential MessageProp object which the caller should then query
   upon return.  If the mechanism is not able to provide the requested
   QOP, it throws a GSSException with the BAD_QOP code.

   Since some application-level protocols may wish to use tokens emitted
   by wrap to provide "secure framing", implementations should support
   the wrapping of zero-length messages.

   The application will be acquired. Use "null" responsible for sending the token to specify the default
                  principal.

        lifetime  The number of seconds that credentials should remain
                  valid.  Use GSSCredential.INDEFINITE
   peer.

   Parameters:

        inBuf     Application data to request that be protected.

        offset    The offset within the credentials have inBuf where the maximum permitted lifetime.

        mechOid data begins.

        len       The array length of mechanisms over which the credential data within the inBuf (starting at
                  the offset).

        msgProp   Instance of MessageProp that is used by the
                  application to be acquired.

        usage     The intended usage for set the desired QOP and privacy state.
                  Set the desired QOP to 0 to request the default QOP.
                  Upon return from this credential object. The
                  value of method, this parameter must be one of:
                  GSSCredential.ACCEPT_AND_INITIATE,
                  GSSCredential.ACCEPT_ONLY, GSSCredential.INITIATE_ONLY

6.2.4.  dispose object will contain
                  the the actual privacy state that was applied to the
                  message by the underlying mechanism.

7.4.10.  wrap

   public void dispose() wrap(InputStream inStream, OutputStream outStream,
                   MessageProp msgProp) throws GSSException

   Releases any sensitive information that

   Allows to apply per-message security services over the GSSCredential may be
   containing.  Applications should call this established
   security context.  The method as soon as will produce a token with a
   cryptographic MIC and may optionally encrypt the
   credential message in inStream.
   The outStream will contain both the MIC and the message.

   The MessageProp object is no longer needed instantiated by the application and used to minimize
   specify a QOP value which selects cryptographic algorithms, and a
   privacy service to optionally encrypt the time sensitive
   information message.  The underlying
   mechanism that is maintained.

6.2.5.  getGSSName

   public GSSName getGSSName() throws GSSException

   Retrieves used in the name of call may not be able to provide the
   privacy service.  It sets the actual privacy service that it does
   provide in this MessageProp object which the caller should then query
   upon return.  If the entity that mechanism is not able to provide the credential asserts.

6.2.6.  getGSSName

   public GSSName getGSSName(Oid mechOID) requested
   QOP, it throws a GSSException

   Retrieves per-mechanism name of with the entity that BAD_QOP code.

   Since some application-level protocols may wish to use tokens emitted
   by wrap to provide "secure framing", implementations should support
   the credential
   asserts.

   Parameters:

        mechOID wrapping of zero-length messages.

   The mechanism application will be responsible for which information should sending the token to the
   peer.

   Parameters:

        inStream  Input stream containing the application data to be
                  returned.

6.2.7.  getRemainingLifetime

   public int getRemainingLifetime() throws GSSException

   Returns
                  protected.

        outStream The output stream to write the remaining lifetime in seconds for a credential. protected message to.
                  The
   remaining lifetime application is the minimum lifetime responsible for any of the underlying
   credential mechanisms.  A return value of GSSCredential.INDEFINITE
   indicates that sending this to the credential does not expire.  A return value
                  other peer for processing in its unwrap method.

        msgProp   Instance of 0
   indicates MessageProp that the credential is already expired.

6.2.8.  getRemainingInitLifetime

   public int getRemainingInitLifetime(Oid mech) throws GSSException

   Returns used by the remaining lifetime is seconds for
                  application to set the credential desired QOP and privacy state.

                  Set the desired QOP to
   remain capable of initiating security contexts under 0 to request the specified
   mechanism. A default QOP.
                  Upon return value of GSSCredential.INDEFINITE indicates that from this method, this object will contain
                  the credential does not expire for context initiation. A return value
   of 0 indicates the actual privacy state that was applied to the credential is already expired.

   Parameters:

        mechOID   The mechanism for which information should be
                  returned.

6.2.9.  getRemainingAcceptLifetime
                  message by the underlying mechanism.

7.4.11.  unwrap

   public byte [] unwrap(byte[] inBuf, int getRemainingAcceptLifetime(Oid mech) offset, int len,
                   MessageProp msgProp) throws GSSException

   Returns

   Used by the remaining lifetime peer application to process tokens generated with the
   wrap call.  This call is seconds for equal in functionality to its stream
   counterpart.  The method will return the credential message supplied in the peer
   application to
   remain capable of accepting security contexts under the specified
   mechanism. A return value of GSSCredential.INDEFINITE indicates that wrap call, verifying the credential does not expire for context acceptance. A return value
   of 0 indicates that embedded MIC.

   The MessageProp object is instantiated by the credential application and is already expired.

   Parameters:

        mechOID   The used
   by the underlying mechanism for which to return information to the caller such
   as the QOP, whether confidentiality was applied to the message, and
   other supplementary message state information.

   Since some application-level protocols may wish to use tokens emitted
   by wrap to provide "secure framing", implementations should be
                  returned.

6.2.10.  getUsage

   public int getUsage() throws GSSException

   Returns support
   the credential usage flag. The return value will be one wrapping and unwrapping of
   GSSCredential.INITIATE_ONLY, GSSCredential.ACCEPT_ONLY, or
   GSSCredential.INITIATE_AND_ACCEPT.

6.2.11.  getUsage

   public int getUsage(Oid mechOID) throws GSSException

   Returns zero-length messages.

   Parameters:

        inBuf     GSS-API wrap token received from peer.

        offset    The offset within the credential usage flag for inBuf where the specified credential
   mechanism. token begins.

        len       The length of the token within the inBuf (starting at
                  the offset).

        msgProp   Upon return value from the method, this object will be one contain
                  the applied QOP, the privacy state of
   GSSCredential.INITIATE_ONLY, GSSCredential.ACCEPT_ONLY, or
   GSSCredential.INITIATE_AND_ACCEPT.

   Parameters:

        mechOID   The mechanism for which the message, and
                  supplementary information should be
                  returned.

6.2.12.  getMechs

   public Oid[] getMechs() throws GSSException

   Returns an array of mechanisms supported by this credential.

6.2.13.  add described in 4.12.3 stating
                  whether the token was a duplicate, old, out of
                  sequence or arriving after a gap.

7.4.12.  unwrap

   public void add(GSSName aName, int initLifetime, int acceptLifetime,
                           Oid mech, int usage) unwrap(InputStream inStream, OutputStream outStream,
                   MessageProp msgProp) throws GSSException

   Adds a mechanism specific credential-element

   Used by the peer application to an existing
   credential. This method allows process tokens generated with the construction of credentials one
   mechanism at a time.
   wrap call.  This functionality call is equivalent equal in functionality to using the
   GSSCredential constructor which takes an Oid its byte array as an input
   parameter or calling this method once for each of
   counterpart.  It will produce the mechanisms message supplied in the array.

   This routine is envisioned peer
   application to be the wrap call, verifying the embedded MIC.

   The MessageProp object is instantiated by the application and is used mainly
   by context acceptors
   during the creation underlying mechanism to return information to the caller such
   as the QOP, whether confidentiality was applied to the message, and
   other supplementary message state information.

   Since some application-level protocols may wish to use tokens emitted
   by wrap to provide "secure framing", implementations should support
   the wrapping and unwrapping of acceptance credentials which are zero-length messages.

   Parameters:

        inStream  Input stream containing the GSS-API wrap token
                  received from the peer.

        outStream The output stream to be used
   with a variety write the application message to.

        msgProp   Upon return from the method, this object will contain
                  the applied QOP, the privacy state of clients using different security mechanisms.

   To obtain the message, and
                  supplementary information described in 4.12.3 stating
                  whether the token was a new credential object duplicate, old, out of
                  sequence or arriving after a gap.

7.4.13.  getMIC

   public byte[] getMIC(byte []inMsg, int offset, int len,
                   MessageProp msgProp) throws GSSException

   Returns a token containing a cryptographic MIC for the addition of supplied
   message,  for transfer to the new
   mechanism credential, peer application.  Unlike wrap, which
   encapsulates the user message in the returned token, only the message
   MIC is returned in the clone output token.  This method is identical in
   functionality to its stream counterpart.

   Note that privacy can only be called.

   Parameters:

        aName     Name of applied through the principal for whom this credential is wrap call.

   Since some application-level protocols may wish to
                  be acquired. Use "null" use tokens emitted
   by getMIC to specify the default
                  principal.

        initLifetime
                  The number of seconds that credentials provide "secure framing", implementations should remain
                  valid for initiating support
   derivation of security contexts.  Use
                  GSSCredential.INDEFINITE MICs from zero-length messages.

   Parameters:

        inMsg     Message to request that generate MIC over.

        offset    The offset within the
                  credentials have inMsg where the maximum permitted lifetime.

        acceptLifetime token begins.

        len       The number length of seconds that credentials should remain
                  valid for accepting the token within the inMsg (starting at
                  the offset).

        msgProp   Instance of security contexts.  Use
                  GSSCredential.INDEFINITE to request MessageProp that is used by the
                  credentials have
                  application to set the maximum permitted lifetime.

        mechOid   The mechanisms over which desired QOP.  Set the credential is desired
                  QOP to be
                  acquired.

        usage     The intended usage for this credential object. The
                  value of this parameter must be one of:
                  GSSCredential.ACCEPT_AND_INITIATE,
                  GSSCredential.ACCEPT_ONLY, GSSCredential.INITIATE_ONLY

6.2.14.  equals

   public boolean equals(Object another)

   Tests if this GSSCredential refers 0 in msgProp to request the same entity as the supplied
   object. The two GSSCredentials must be acquired over default QOP.
                  Alternatively pass in "null" for msgProp to request
                  default QOP.

7.4.14.  getMIC

   public void getMIC(InputStream inStream, OutputStream outStream,
                   MessageProp msgProp) throws GSSException

   Produces a token containing a cryptographic MIC for the same
   mechanisms and must refer supplied
   message, for transfer to the same principal. Returns "true" if peer application.  Unlike wrap, which
   encapsulates the two GSSCredentials refer to user message in the same entity; "false" otherwise.

   Parameter:

        another   Another GSSCredential object for comparison.

6.3.  public class GSSContext

   This class represents returned token, only the GSS-API security context and message
   MIC is produced in the output token.  This method is identical in
   functionality to its associated
   operations. Security contexts are established between peers using
   locally acquired credentials. Multiple contexts byte array counterpart.

   Note that privacy can only be applied through the wrap call.

   Since some application-level protocols may exist
   simultaneously between a pair wish to use tokens emitted
   by getMIC to provide "secure framing", implementations should support
   derivation of peers, using MICs from zero-length messages.

   Parameters:

        inStream  inStream  Input stream containing the message to
                  generate MIC over.

        outStream outStream Output stream to write the same or different
   set of credentials. GSS-API functions in a manner independent output
                  token to.

        msgProp   Instance of MessageProp that is used by the
   underlying transport protocol and depends on its calling
                  application to transport its tokens between peers.

   The GSSContext object can be thought of as having 3 implicit states:
   before it is established, during its context establishment, and after
   a fully established context exists.

   Before set the context establishment phase is initiated, desired QOP.  Set the context
   initiator may request specific characteristics desired of
                  QOP to 0 in msgProp to request the
   established context. These can be set using default QOP.
                  Alternatively pass in "null" for msgProp to request
                  default QOP.

7.4.15.  verifyMIC

   public void verifyMIC(byte []inTok, int tokOffset, int tokLen,
                   byte[] inMsg, int msgOffset, int msgLen,
                   MessageProp msgProp) throws GSSException
   Verifies the set methods. After cryptographic MIC, contained in the context is established, token parameter,
   over the caller can check supplied message.  This method is equivalent in
   functionality to its stream counterpart.

   The MessageProp object is instantiated by the actual
   characteristic application and services offered is used
   by the context using the query
   methods.

   The context establishment phase begins with the first call underlying mechanism to return information to the
   init method by the context initiator. During this phase caller such
   as the init and
   accept methods will produce GSS-API authentication tokens which QOP indicating the
   calling application needs to send strength of protection that was applied to its peer. The init
   the message and accept
   methods other supplementary message state information.

   Since some application-level protocols may return a CONTINUE_NEEDED code which indicates that a
   token is needed from its peer in order wish to continue use tokens emitted
   by getMIC to provide "secure framing", implementations should support
   the context
   establishment phase. A return code calculation and verification of COMPLETE signals that MICs over zero-length messages.

   Parameters:

        inTok     Token generated by peer's getMIC method.

        tokOffset The offset within the local
   end inTok where the token begins.

        tokLen    The length of the context is established. This may still require that a token be sent within the inTok (starting at
                  the offset).

        inMsg     Application message to verify the peer, depending if one is produced by GSS-API. cryptographic MIC
                  over.

        msgOffset The offset within the inMsg where the message begins.

        msgLen    The length of the message within the inMsg (starting
                  at the offset).

        msgProp   Upon return from the method, this object will contain
                  the applied QOP and supplementary information
                  described in 4.12.3 stating whether the token was a
                  duplicate, old, out of sequence or arriving after a
                  gap.  The isEstablished method can also confidentiality state will be used set to determine if the local
   end of
                  "false".

7.4.16.  verifyMIC

   public void verifyMIC(InputStream tokStream, InputStream msgStream,
                   MessageProp msgProp) throws GSSException

   Verifies the context has been fully established. During cryptographic MIC, contained in the context
   establishment phase, token parameter,
   over the isProtReady supplied message.  This method may be called is equivalent in
   functionality to
   determine if its byte array counterpart.

   The MessageProp object is instantiated by the context can be application and is used for
   by the per-message operations.
   This allows implementation underlying mechanism to use per-message operations on contexts
   which aren't fully established.

   After the context has been established or the isProtReady method
   returns "true", the query routines can be invoked return information to determine the
   actual characteristics and services of caller such
   as the established context. The
   application can also start using QOP indicating the per-message methods strength of wrap protection that was applied to
   the message and other supplementary message state information.

   Since some application-level protocols may wish to use tokens emitted
   by getMIC to obtain cryptographic operations on application supplied
   data.

   When the context is no longer needed, the application provide "secure framing", implementations should call
   dispose to release any system resources the context may be using.

6.3.1.  Example Code

   The example code presented below demonstrates support
   the usage calculation and verification of MICs over zero-length messages.

   Parameters:

        tokStream Input stream containing the token generated by peer's
                  getMIC method.

        msgStream Input stream containing the
   GSSContext object for the initiating peer. Different operations on
   the GSSContext object are presented, including: object instantiation,
   setting of desired flags, context establishment, query of actual
   context flags, per-message operations on application data, message to
                  verify the cryptographic MIC over.

        msgProp   Upon return from the method, this object will contain
                  the applied QOP and
   finally context deletion.

   //start by creating supplementary information
                  described in 4.12.3 stating whether the name for token was a service entity
   GSSName targetName = new GSSName("service@host",
                           GSSName.NT_HOSTBASED_SERVICE);

   //create
                  duplicate, old, out of sequence or arriving after a context using default credentials for
                  gap.  The confidentiality state will be set to
                  "false".

7.4.17.  export

   public byte [] export() throws GSSException

   Provided to support the
   //default mechanism
   GSSContext aCtxt = new GSSContext(targetName,
                           null,   /* default mechanism */
                           null,   /* default credentials */
                           GSSContext.INDEFINITE);

   //set desired context options - all others are false by default
   aCtxt.requestConf(true);
   aCtxt.requestMutualAuth(true);
   aCtxt.requestReplayDet(true);
   aCtxt.requestSequenceDet(true);

   //establish a context sharing of work between peers - using byte arrays
   byte []inTok = new byte[0];

   try {
           do {
                   byte[] outTok = aCtxt.init(inTok, 0, inTok.length);

                   //send multiple processes.
   This routine will typically be used by the token if present
                   if (outTok != null)
                           sendToken(outTok);

                   //check if we should expect more tokens
                   if (aCtxt.isEstablished())
                           break;

                   //another token expected from peer
                   inTok = readToken();

           } while (true);

   } catch (GSSException e) {
           print("GSSAPI error: " + e.getMessage());
   }

   //display context information
   print("Remaining lifetime context-acceptor, in seconds = " + aCtxt.getLifetime());
   print("Context mechanism = " + aCtxt.getMech().toString());
   print("Initiator = " + aCtxt.getSrcName().toString());
   print("Acceptor = " + aCtxt.getTargName().toString());

   if (aCtxt.getConfState())
           print("Confidentiality security service available");

   if (aCtxt.getIntegState())
           print("Integrity security service available");

   //perform wrap on an
   application supplied message, appMsg,
   //using QOP = 0, where a single process receives incoming connection
   requests and requesting privacy service
   byte [] appMsg ...

   MessageProp mProp = new MessageProp(0, true);

   byte []tok = aCtxt.wrap(appMsg, 0, appMsg.length, mProp);

   if (mProp.getPrivacy())
           print("Message protected with privacy.");

   sendToken(tok);

   //release accepts security contexts over them, then passes the
   established context to one or more other processes for message
   exchange.

   This method deactivates the local-end security context and creates an
   interprocess token which, when passed to the byte array constructor
   of the GSSContext class in another process, will re-activate the
   context
   aCtxt.dispose();

6.3.2.  Class Constants

   public static final int INDEFINITE

   A lifetime constant representing indefinite in the second process.  Only a single instantiation of a
   given context lifetime.  This
   value must may be set active at any one time; a subsequent attempt by
   a context exporter to access the maximum integer value in Java -
   Integer.MAX_VALUE.

   public static final int COMPLETE

   Return value from exported security context will fail.

   The implementation may constrain the set of processes by which the
   interprocess token may be imported, either accept as a function of local
   security policy, or init stating as a result of implementation decisions.  For
   example, some implementations may constrain contexts to be passed
   only between processes that run under the context
   creation phase is complete for this peer.

   public static final int CONTINUE_NEEDED

   Return value from either accept same account, or init stating that another which are
   part of the same process group.

   The interprocess token is
   required from may contain security-sensitive information
   (for example cryptographic keys).  While mechanisms are encouraged to
   either avoid placing such sensitive information within interprocess
   tokens, or to encrypt the peer token before returning it to continue context creation. This the
   application, in a typical GSS-API implementation this may not be
   returned several times indicating multiple
   possible.  Thus the application must take care to protect the
   interprocess token, and ensure that any process to which the token exchanges.

6.3.3.  Constructors is
   transferred is trustworthy.

7.4.18.  requestMutualAuth

   public GSSContext(GSSName peer, Oid mechOid, GSSCredential myCred,
                                   int lifetime) void requestMutualAuth(boolean state) throws GSSException

   Constructor for creating a context on the initiator's side. Context
   flags may be modified through the mutator methods prior to calling
   init.

   Parameters:

        peer      Name of

   Sets the target peer.

        mechOid   Oid request state of the desired mechanism.  Use "null" to request mutual authentication flag for the default mechanism.

        myCred    Credentials of
   context.  This method is only valid before the initiator.  Use "null" to act as a
                  default initiator principal.

        lifetime  The request lifetime, in seconds, context creation
   process begins and only for the credential. initiator.

   Parameters:

        state     Boolean representing if mutual authentication should
                  be requested during context establishment.

7.4.19.  requestReplayDet

   public GSSContext(GSSCredential myCred) void requestReplayDet(boolean state) throws GSSException

   Constructor

   Sets the request state of the replay detection service for creating a context on the acceptor' side. The
   context's properties will be determined from
   context.  This method is only valid before the input token supplied
   to context creation
   process begins and only for the accept method. initiator.

   Parameters:

        myCred    Credentials for

        state     Boolean representing if replay detection is desired
                  over the acceptor.  Use "null" to act as a
                  default acceptor principal. established context.

7.4.20.  requestSequenceDet

   public GSSContext(byte [] interProcessToken) void requestSequenceDet(boolean state) throws GSSException
   Constructor

   Sets the request state for creating a previously exported the sequence checking service of the
   context. The context
   properties will be determined from  This method is only valid before the input token context creation
   process begins and can't be
   modified through only for the set methods. initiator.

   Parameters:

        interProcessToken
                  The token previously emitted from

        state     Boolean representing if sequence detection is desired
                  over the export method.

6.3.4.  init established context.

7.4.21.  requestCredDeleg

   public byte[] init(byte inputBuf[], int offset, int len) void requestCredDeleg(boolean state) throws GSSException

   Called by

   Sets the request state for the credential delegation flag for the context initiator to start
   context.  This method is only valid before the context creation
   process. This is equivalent to
   process begins and only for the stream based method except that initiator.

   Parameters:

        state     Boolean representing if credential delegation is
                  desired.

7.4.22.  requestAnonymity

   public void requestAnonymity(boolean state) throws GSSException

   Requests anonymous support over the token buffers are handled as byte arrays instead of using stream
   objects. context.  This method may return an output token which the application
   will need to send to is only
   valid before the peer context creation process begins and only for processing by the accept call.
   "null" return value indicates
   initiator.

   Parameters:

        state     Boolean representing if anonymity support is
                  requested.

7.4.23.  requestConf

   public void requestConf(boolean state) throws GSSException

   Requests that no token needs to confidentiality service be sent to available over the
   peer. The application can call isEstablished to determine if context.
   This method is only valid before the context establishment phase is complete creation process begins
   and only for this peer. A return value
   of "false" from isEstablished indicates that more tokens the initiator.

   Parameters:

        state     Boolean indicating if confidentiality services are expected to
                  be supplied to requested for the init method. Please note context.

7.4.24.  requestInteg

   public void requestInteg(boolean state) throws GSSException

   Requests that integrity services be available over the init context.  This
   method
   may return a token for is only valid before the peer, context creation process begins and isEstablished return "true"
   also. This indicates that
   only for the token needs initiator.

   Parameters:

        state     Boolean indicating if integrity services are to be sent to the peer, but
   the local end of
                  requested for the context is now fully established.

   Upon completion of context.

7.4.25.  requestLifetime

   public void requestLifetime(int lifetime) throws GSSException

   Sets the desired lifetime for the context establishment, in seconds.  This method is
   only valid before the available context
   options may be queried through creation process begins and only for
   the get methods. initiator.

   Parameters:

        inputBuf  Token generated by

        lifetime  The desired context lifetime in seconds.

7.4.26.  setChannelBinding

   public void setChannelBinding(ChannelBinding cb) throws GSSException

   Sets the peer. channel bindings to be used during context establishment.
   This parameter method is ignored
                  on the first call.

        offset    The offset within the inputBuf where only valid before the token context creation process begins.

        len       The length

   Parameters:

        cb        Channel bindings to be used.

7.4.27.  getCredDelegState

   public boolean getCredDelegState()

   Returns the state of the token within delegated credentials for the inputBuf (starting
                  at context.  When
   issued before context establishment is completed or when the offset).

6.3.4.1.  Example Code

   //create a GSSContext object
   GSSContext aCtxt = new GSSContext(...

   byte []inTok = new byte[0];

   try {

           do {
                   byte[] outTok = aCtxt.init(inTok, 0,
                                           inTok.length);

                   //send
   isProtReady method returns "false", it returns the token if present
                   if (outTok != null)
                           sendToken(outTok);

                   //check if we should expect more tokens
                   if (aCtxt.isEstablished())
                           break;

                   //another token expected from peer
                   inTok = readToken();
           } while (true);

   } catch (GSSException e) {
           print("GSSAPI error: " + e.getMessage());
   }

6.3.5.  init desired state,
   otherwise it will indicate the actual state over the established
   context.

7.4.28.  getMutualAuthState

   public int init(InputStream inputBuf, OutputStream outputBuf)
                                   throws GSSException

   Called by boolean getMutualAuthState()

   Returns the context initiator to start state of the mutual authentication option for the
   context.  When issued before context creation
   process. This is equivalent to establishment completes or when
   the byte array based method.  This isProtReady method may write an output token to returns "false", it returns the desired state,
   otherwise it will indicate the actual state over the outputBuf, which established
   context.

7.4.29.  getReplayDetState

   public boolean getReplayDetState()

   Returns the
   application will need to send to state of the peer replay detection option for processing by the
   accept call. 0 bytes written to the output stream indicate that no
   token needs to be sent to context.
   When issued before context establishment completes or when the peer. The
   isProtReady method returns "false", it returns the desired state,
   otherwise it will return either
   COMPLETE or CONTINUE_NEEDED indicating indicate the status of actual state over the current established
   context. A return value

7.4.30.  getSequenceDetState

   public boolean getSequenceDetState()

   Returns the state of COMPLETE indicates that the sequence detection option for the context.
   When issued before context establishment phase is complete for this peer, while CONTINUE_NEEDED
   means that another token is expected from completes or when the peer. The isEstablished
   isProtReady method can also be used to determine this state. Note that returns "false", it is
   possible to have a token for the peer while this method returns
   COMPLETE. This indicates that the local end of the context is
   established, but the token needs to be sent to desired state,
   otherwise it will indicate the peer to complete actual state over the established
   context.

7.4.31.  getAnonymityState

   public boolean getAnonymityState()

   Returns "true" if this is an anonymous context.  When issued before
   context establishment.

   The GSS-API authentication tokens contain a definitive start and end.
   This establishment completes or when the isProtReady method will attempt to read one of these tokens per invocation,
   and may block on
   returns "false", it returns the stream if only part of desired state, otherwise it will
   indicate the token is available.

   Upon completion of actual state over the context establishment, established context.

7.4.32.  isTransferable

   public boolean isTransferable() throws GSSException

   Returns "true" if the available context
   options may be queried is transferable to other processes
   through the get methods.

   Parameters:

        inputBuf  Contains the token generated by use of the peer. export method.  This
                  parameter call is ignored only valid on
   fully established contexts.

7.4.33.  isProtReady

   public boolean isProtReady()

   Returns "true" if the first call.

        outputBuf Buffer where the output token will per message operations can be written. During applied over the final stage
   context.  Some mechanisms may allow the usage of per-message
   operations before the context establishment, there may be
                  no bytes written.

6.3.5.1.  Example Code

   //create a GSSContext object
   GSSContext aCtxt = new GSSContext(...

   //use standard java.io stream objects
   ByteArrayOutputStream os = new ByteArrayOutputStream();
   ByteArrayInputStream is = null;

   try {

           while (aCtxt.init(is, os) ==
                   GSSContext.CONTINUE_NEEDED) {

                   //send token to peer
                   sendToken(os);

                   //another token expected from peer is = recvToken();
           }

           //send token if present
           if (os.size() > 0)
                   sendToken(os);

   } catch (GSSException e) {
           print("GSS-API error: " + e.getMessage());
   }

6.3.6.  accept

   public byte[] accept(byte inTok[], int offset, int len)
                                   throws GSSException

   Called by fully established.  This will also
   indicate that the get methods will return actual context acceptor upon receiving a token from state
   characteristics instead of the peer.
   This call is equivalent to desired ones.

7.4.34.  getConfState

   public boolean getConfState()

   Returns the stream based confidentiality service state over the context.  When
   issued before context establishment completes or when the isProtReady
   method except that returns "false", it returns the
   token buffers are handled as byte arrays instead of using stream
   objects.

   This desired state, otherwise it
   will indicate the actual state over the established context.

7.4.35.  getIntegState

   public boolean getIntegState()

   Returns the integrity service state over the context.  When issued
   before context establishment completes or when the isProtReady method may return an output token which
   returns "false", it returns the application desired state, otherwise it will
   need to send to the peer for further processing by
   indicate the init call.
   "null" return value indicates that no token needs to be sent to actual state over the
   peer. The application can call isEstablished to determine if established context.

7.4.36.  getLifetime

   public int getLifetime()

   Returns the context lifetime in seconds.  When issued before context
   establishment phase is complete for this peer. A return value
   of "false" from isEstablished indicates that more tokens are expected
   to be supplied to this method.

   Please note that completes or when the accept isProtReady method may return a token for returns
   "false", it returns the peer,
   and isEstablished return "true" also. This indicates that desired lifetime, otherwise it will indicate
   the token
   needs to be sent to remaining lifetime for the peer, but context.

7.4.37.  getSrcName

   public GSSName getSrcName() throws GSSException
   Returns the local end name of the context initiator.  This call is now
   fully established.

   Upon completion of the context establishment, valid only
   after the available context
   options may be queried through is fully established or the get methods.

   Parameters:

        inTok     Token generated by isProtReady method
   returns "true".  It is guaranteed to return an MN.

7.4.38.  getTargName

   public GSSName getTargName() throws GSSException

   Returns the peer.

        offset    The offset within name of the inTok where context target (acceptor).  This call is
   valid only after the token begins.

        len       The length of context is fully established or the token within isProtReady
   method returns "true".  It is guaranteed to return an MN.

7.4.39.  getMech

   public Oid getMech() throws GSSException

   Returns the inTok (starting at mechanism oid for this context.

7.4.40.  getDelegCred

   public GSSCredential getDelegCred() throws GSSException

   Returns the offset).

6.3.6.1.  Example Code

   //obtain server delegated credential object on the acceptor's side.  To
   check for availability of delegated credentials
   GSSCredential server = ...

   //create acceptor GSS-API context
   GSSContext aCtxt = new GSSContext(server);

   try {
           do {
                   byte [] inTok = readToken();
                   byte []outTok = aCtxt.accept(inTok, 0,
                                           inTok.length);

                   //possibly send token to peer
                   if (outTok != null)
                           sendToken(outTok);

                   //check if local context establishment call
   getDelegCredState.  This call is complete
                   if (aCtxt.isEstablished())
                           break;
           } while (true);

   } catch (GSSException e) {
           print("GSS-API error: " + e.getMessage());
   }

6.3.7.  accept only valid on fully established
   contexts.

7.4.41.  isInitiator

   public int accept(InputStream inputBuf, OutputStream outputBuf) boolean isInitiator() throws GSSException

   Called by

   Returns "true" if this is the context acceptor upon receiving a token from initiator of the peer. context.  This call is equivalent
   only valid after the context creation process has started.

7.5.  public class MessageProp

   This is a utility class used within the per-message GSSContext
   methods to convey per-message properties.

   When used with the byte array method.  It may write IGSSContext interface's wrap and getMIC methods,
   an
   output token instance of this class is used to indicate the outputBuf, which the application will need desired QOP and to
   send
   request if confidentiality services are to be applied to caller
   supplied data (wrap only).  To request default QOP, the peer for processing by its init method. value of 0 bytes written
   to
   should be used for QOP.

   When used with the output stream indicate that no token needs to unwrap and verifyMIC methods of the IGSSContext
   interface, an instance of this class will be sent used to indicate the
   peer. The method
   applied QOP and confidentiality services over the supplied message.
   In the case of verifyMIC, the confidentiality state will always be
   "false".  Upon return either COMPLETE or CONTINUE_NEEDED
   indicating from these methods, this object will also
   contain any supplementary status values applicable to the processed
   token.  The supplementary status values can indicate old tokens, out
   of the current context. A return value of
   COMPLETE indicates sequence tokens, gap tokens or duplicate tokens.

7.5.1.  Constructors

   public MessageProp(boolean privState)

   Constructor which sets QOP to 0 indicating that the context establishment phase default QOP is complete
   requested.

   Parameters:

        privState The desired privacy state. "true" for this peer, while CONTINUE_NEEDED means that another token is
   expected from privacy and
                  "false" for integrity only.

   public MessageProp(int qop, boolean privState)

   Constructor which sets the peer. The isEstablished method can also be used to
   determine this values for the qop and privacy state.  Note that it is possible

   Parameters:

        qop       The desired QOP.  Use 0 to have request a token default QOP.

        privState The desired privacy state. "true" for privacy and
                  "false" for integrity only.

7.5.2.  getQOP

   public int getQOP()

   Retrieves the peer while this method returns COMPLETE. This indicates that the
   local end of QOP value.

7.5.3.  getPrivacy

   public boolean getPrivacy()
   Retrieves the context is established, but privacy state.

7.5.4.  setQOP

   public void setQOP(int qopVal)

   Sets the token needs QOP value.

   Parameters:

        qopVal    The QOP value to be
   sent set.  Use 0 to request a default
                  QOP value.

7.5.5.  setPrivacy

   public void setPrivacy(boolean privState)

   Sets the peer privacy state.

   Parameters:

        privState The privacy state to complete set.

7.5.6.  isDuplicateToken

   public boolean isDuplicateToken()

   Returns "true" if this is a duplicate of an earlier token.

7.5.7.  isOldToken

   public boolean isOldToken()

   Returns "true" if the context establishment.

   The GSS-API authentication tokens contain token's validity period has expired.

7.5.8.  isUnseqToken

   public boolean isUnseqToken()

   Returns "true" if a definitive start and end. later token has already been processed.

7.5.9.  isGapToken

   public boolean isGapToken()

   Returns "true" if an expected per-message token was not received.

7.5.10.  setSupplementaryStates

   public void setSupplementaryStates(boolean duplicate,
                   boolean old, boolean unseq, boolean gap)

   This method will attempt to read one of these tokens per invocation,
   and may block on sets the stream if only part of state for the token supplementary information flags in
   MessageProp.  It is available.

   Upon completion of the context establishment, the available context
   options may be queried through the get methods.

   Parameters:

        inputBuf  Contains the token generated not used by the peer.

        outputBuf Buffer where application but by the output token will be written. During GSS
   implementation to return this information to the final stage caller of a per-
   message context establishment, there may be
                  no bytes written.

6.3.7.1.  Example Code

   //obtain server credentials
   GSSCredential server = ...

   //create acceptor GSS-API context
   GSSContext aCtxt = new GSSContext(server);

   //use standard java.io stream objects
   ByteArrayOutputStream os = new ByteArrayOutputStream();
   ByteArrayInputStream is = null;
   int retCode;

   try {
           do {
                   is = recvToken();
                   retCode = aCtxt.accept(is, os);

                   //possibly send method.

   Parameters:

        duplicate true if the token to peer was a duplicate of an earlier token,
                  false otherwise

        old       true if (os.size() > 0)
                           sendToken(os);

           } while (retCode == GSSContext.CONTINUE_NEEDED);

   } catch (GSSException e) {
           print("GSS-API error: " + e.getMessage());
   }

6.3.8.  isEstablished

   public boolean isEstablished()

   Returns "true" the token's validity period has expired, false
                  otherwise

        unseq     true if this is a fully established context. Used after the
   init and accept methods to check later token has already been processed,
                  false otherwise

        gap       true if one or more predecessor tokens have not yet
                  been succesfully processed, false otherwise

7.6.  public class ChannelBinding

   The GSS-API accommodates the concept of caller-provided channel
   binding information.  Channel bindings are needed from used to strengthen the
   peer.

6.3.9.  dispose

   public void dispose() throws GSSException
   Releases any system resources and cryptographic information stored in
   quality with which peer entity authentication is provided during
   context establishment.  They enable the context object. This will invalidate GSS-API callers to bind the context.

6.3.10.  getWrapSizeLimit

   public int getWrapSizeLimit(int qop, boolean confReq,
                           int maxTokenSize) throws GSSException

   Returns
   establishment of the maximum message size that, if presented security context to relevant characteristics
   like addresses or to application specific data.

   The caller initiating the wrap
   method with security context must determine the same confReq and qop parameters, will result
   appropriate channel binding values to set in an
   output token containing no more than the maxTokenSize bytes.

   This call GSSContext object.
   The acceptor must provide an identical binding in order to validate
   that received tokens possess correct channel-related characteristics.

   Use of channel bindings is intended for use by optional in GSS-API.  Since channel-
   binding information may be transmitted in context establishment
   tokens, applications that communicate over
   protocols that impose should therefore not use confidential data as
   channel-binding components.

7.6.1.  Constructors

   public ChannelBinding(InetAddress initAddr, InetAddress acceptAddr,
                   byte[] appData)

   Create a maximum message size.  It enables ChannelBinding object with user supplied address information
   and data.  "null" values can be used for any fields which the
   application does not want to fragment messages prior specify.

   Parameters:

        initAddr  The address of the context initiator.  "null" value
                  can be supplied to applying protection.

   GSS-API implementations are recommended but indicate that the application does
                  not required want to detect
   invalid QOP values when getWrapSizeLimit is called. This routine
   guarantees only a maximum message size, not the availability set this value.

        acceptAddrThe address of
   specific QOP values for message protection.

   Successful completion the context acceptor.  "null" value can
                  be supplied to indicate that the application does not
                  want to set this value.

        appData   Application supplied data to be used as part of this call the
                  channel bindings.  "null" value can be supplied to
                  indicate that the application does not guarantee that wrap will
   be able want to protect set
                  this value.

   public ChannelBinding(byte[] appData)

   Creates a message ChannelBinding object without any addressing information.

   Parameters:

        appData   Application supplied data to be used as part of the computed length, since
                  channel bindings.

7.6.2.  getInitiatorAddress

   public InetAddress getInitiatorAddress()

   Returns the initiator's address for this
   ability may depend on channel binding. "null" is
   returned if the availability address has not been set.

7.6.3.  getAcceptorAddress

   public InetAddress getAcceptorAddress()

   Returns the acceptor's address for this channel binding. "null" is
   returned if the address has not been set.

7.6.4.  getApplicationData

   public byte[] getApplicationData()

   Returns application data being used as part of system resources at the
   time that wrap ChannelBinding.
   "null" is called.  However, returned if no application data has been specified for the implementation itself
   imposes an upper limit on
   channel binding.

7.6.5.  equals

   public boolean equals(Object obj)

   Returns "true" if two channel bindings match.

   Parameters:

        obj       Another channel binding to compare with.

7.7.  public class Oid

   This class represents Universal Object Identifiers (Oids) and their
   associated operations.

   Oids are hierarchically globally-interpretable identifiers used
   within the length GSS-API framework to identify mechanisms and name formats.

   The structure and encoding of messages that may be
   processed by wrap, Oids is defined in ISOIEC-8824 and
   ISOIEC-8825.  For example the implementation should not return a value that Oid representation of Kerberos V5
   mechanism is greater than this length.

   Parameters:

        qop       Indicates "1.2.840.113554.1.2.2"

   The GSSName name class contains public static Oid objects
   representing the level standard name types defined in GSS-API.

7.7.1.  Constructors

   public Oid(String strOid) throws GSSException

   Creates an Oid object from a string representation of protection wrap will be asked
                  to provide.

        confReq   Indicates if wrap will be asked to provide privacy
                  service.

        maxTokenSize its integer
   components (e.g. "1.2.840.113554.1.2.2").

   Parameters:

        strOid    The desired maximum size of string representation for the token emitted by wrap.

6.3.11.  wrap oid.

   public byte[] wrap(byte inBuf[], int offset, int len,
                           MessageProp msgProp) Oid(InputStream derOid) throws GSSException

   Allows

   Creates an Oid object from its DER encoding.  This refers to apply per-message security services over the established
   security context. full
   encoding including tag and length.  The method will return a token with a cryptographic
   MIC structure and may optionally encrypt the specified inBuf. encoding of
   Oids is defined in ISOIEC-8824 and ISOIEC-8825.  This method is
   equivalent
   identical in functionality to its stream counterpart. The returned byte array will contain both the MIC and the message.  The msgProp
   object is used to specify a QOP value which selects cryptographic
   algorithms, and a privacy service, if supported by the chosen
   mechanism.

   Since some application-level protocols may wish to use tokens emitted
   by wrap to provide "secure framing", implementations should support
   the wrapping of zero-length messages.

   The application will be responsible for sending the token to the
   peer. counterpart.

   Parameters:

        inBuf     Application data to be protected.

        offset    The offset within the inBuf where the data begins.

        len       The length of the data within the inBuf (starting at
                  the offset).

        msgProp   Instance of MessageProp

        derOid    Stream containing the desired QOP and
                  privacy state.  Upon return from this method, this
                  object will contain the applied QOP (for cases when 0
                  was used) and the actual privacy state of the token.

6.3.12.  wrap

   public void wrap(InputStream inBuf, OutputStream outBuf,
                     MessageProp msgProp) DER encoded oid.

   public Oid(byte[] DEROid) throws GSSException

   Allows

   Creates an Oid object from its DER encoding.  This refers to apply per-message security services over the established
   security context. The method will produce a token with a
   cryptographic MIC full
   encoding including tag and may optionally encrypt the specified inBuf. length.  The outBuf will contain both the MIC structure and the message.  The msgProp
   object encoding of
   Oids is used defined in ISOIEC-8824 and ISOIEC-8825.  This method is
   identical in functionality to specify its byte array counterpart.

   Parameters:

        derOid    Byte array storing a QOP value to select cryptographic
   algorithms, and DER encoded oid.

7.7.2.  toString

   public String toString()

   Returns a privacy service, if supported by the chosen
   mechanism.

   Since some application-level protocols may wish to use tokens emitted
   by wrap to provide "secure framing", implementations should support
   the wrapping string representation of zero-length messages.

   The application will be responsible for sending the token to oid's integer components in
   dot separated notation (e.g. "1.2.840.113554.1.2.2").

7.7.3.  equals

   public boolean equals(Object Obj)
   Returns "true" if the
   peer.

   Parameters:

        inpBuf    Application data to be protected.

        outBuf    The buffer to write two Oid objects represent the protected message to. The
                  application is responsible for sending this same oid value.

   Parameters:

        obj       Another Oid object to compare with.

7.7.4.  getDER

   public byte[] getDER()

   Returns the
                  other peer full ASN.1 DER encoding for processing in its unwrap method.

        msgProp   Instance of MessageProp containing the desired QOP and
                  privacy state.  Upon return from this method, this
                  object will contain the applied QOP (for cases when 0
                  was used) and the actual privacy state of the token.

6.3.13.  unwrap

   public byte [] unwrap(byte[] inBuf, int offset, int len,
                           MessageProp msgProp) throws GSSException

   Used by oid object, which
   includes the peer application tag and length.

7.7.5.  containedIn

   public boolean containedIn(Oid[] oids)

   A utility method to process tokens generated with the
   wrap call.  This call test if an Oid object is equal in functionality to its stream
   counterpart. The method will return contained within the message
   supplied in the peer
   application Oid object array.

   Parameters:

        oids      An array of oids to search.

7.8.  public class GSSException extends Exception

   This exception is thrown whenever a fatal GSS-API error occurs
   including mechanism specific errors.  It may contain both, the wrap call, verifying the embedded MIC. major
   and minor, GSS-API status codes.  The
   msgProp instance will indicate whether mechanism implementers are
   responsible for setting appropriate minor status codes when throwing
   this exception.  Aside from delivering the message was encrypted and
   will contain numeric error code(s) to
   the QOP indicating caller, this class performs the strength of protection that was
   used mapping from their numeric values
   to provide the confidentiality and integrity services.

   Since some application-level protocols may wish textual representations.  All Java GSS-API methods are declared
   throwing this exception.

   All implementations are encouraged to use tokens emitted
   by wrap the Java
   internationalization techniques to provide "secure framing", implementations should support
   the wrapping and unwrapping local translations of zero-length messages.

   Parameters:

        inBuf     GSS-API wrap token received from peer.

        offset    The offset within the inBuf where the token begins.

        len       The length
   message strings.

7.8.1.  Static Constants

   All valid major GSS-API error code values are declared as constants
   in this class.

   public static final int BAD_BINDINGS

   Channel bindings mismatch error.

   public static final int BAD_MECH

   Unsupported mechanism requested error.

   public static final int BAD_NAME

   Invalid name provided error.

   public static final int BAD_NAMETYPE

   Name of unsupported type provided error.

   public static final int BAD_STATUS

   Invalid status code error - this is the default status value.

   public static final int BAD_MIC

   Token had invalid integrity check error.

   public static final int CONTEXT_EXPIRED

   Specified security context expired error.

   public static final int CREDENTIALS_EXPIRED

   Expired credentials detected error.

   public static final int DEFECTIVE_CREDENTIAL

   Defective credential error.

   public static final int DEFECTIVE_TOKEN

   Defective token within the inBuf (starting error.

   public static final int FAILURE

   General failure, unspecified at
                  the offset).

        msgProp   Upon return from the method, this object will contain
                  the applied GSS-API level.

   public static final int NO_CONTEXT

   Invalid security context error.

   public static final int NO_CRED

   Invalid credentials error.

   public static final int BAD_QOP

   Unsupported QOP and the privacy state of the supplied
                  token.

6.3.14.  unwrap value error.

   public void unwrap(InputStream inBuf, OutputStream outBuf,
                           MessageProp msgProp) throws GSSException

   Used by the peer application to process tokens generated with the
   wrap call.  This call is equal in functionality to its byte array
   counterpart. It will produce the message supplied in the peer
   application to the wrap call, verifying the embedded MIC. static final int UNAUTHORIZED

   Operation unauthorized error.

   public static final int UNAVAILABLE

   Operation unavailable error.

   public static final int DUPLICATE_ELEMENT

   Duplicate credential element requested error.

   public static final int NAME_NOT_MN

   Name contains multi-mechanism elements error.

   public static final int DUPLICATE_TOKEN

   The
   msgProp parameter will indicate whether the message token was encrypted and
   will contain the QOP indicating the strength a duplicate of protection an earlier token.  This is a fatal error
   code that was may occur during context establishment.  It is not used to provide the confidentiality and integrity services. The
   msgProp object will also contain the
   indicate supplementary status information values.  The MessageProp object is used
   for the token.

   Since some application-level protocols may wish to use tokens emitted
   by wrap to provide "secure framing", implementations should support
   the wrapping and unwrapping of zero-length messages.

   Parameters:

        inBuf     GSS-API wrap token received from peer.

        outBuf that purpose.

   public static final int OLD_TOKEN

   The buffer token's validity period has expired.  This is a fatal error code
   that may occur during context establishment.  It is not used to write the application message to.

        msgProp   Upon return from the method, this object will contain
                  the applied QOP,  the privacy state, and
   indicate supplementary status values values.  The MessageProp object is used
   for the supplied token.

6.3.15.  getMIC that purpose.

   public byte[] getMIC(byte []inMsg, int offset, static final int len,
                           MessageProp msgProp) throws GSSException

   Returns a UNSEQ_TOKEN

   A later token containing a cryptographic MIC for the supplied
   message,  for transfer to the peer application.  Unlike wrap, which
   encapsulates the user message in the returned token, only the message
   MIC is returned in the output token. has already been processed.  This method is identical in
   functionality to its stream counterpart.

   Note a fatal error code
   that privacy can only be applied through the wrap call.

   Since some application-level protocols may wish to use tokens emitted
   by getMIC to provide "secure framing", implementations should support
   derivation of MICs from zero-length messages.

   Parameters:

        inMsg     Message occur during context establishment.  It is not used to generate MIC over.

        offset    The offset within the inMsg where the token begins.

        len
   indicate supplementary status values.  The length of the MessageProp object is used
   for that purpose.

   public static final int GAP_TOKEN

   An expected per-message token within the inMsg (starting at
                  the offset).

        msgProp   Indicates the desired QOP to be used.  Use QOP of 0 was not received.  This is a fatal
   error code that may occur during context establishment.  It is not
   used to indicate default value. supplementary status values.  The confidentiality flag is
                  ignored. Upon return from the method, this MessageProp object will
                  contain the applied QOP (in case 0 was selected).

6.3.16.  getMIC
   is used for that purpose.

7.8.2.  Constructors

   public void getMIC(InputStream inMsg, OutputStream outBuf,
                           MessageProp msgProp) throws GSSException

   Produces GSSException(int majorCode)

   Creates a token containing GSSException object with a cryptographic MIC for the supplied
   message, for transfer specified major code.

   Parameters:

        majorCode The GSS error code causing this exception to be
                  thrown.

   public GSSException(int majorCode, int minorCode, String minorString)

   Creates a GSSException object with the peer application.  Unlike wrap, which
   encapsulates the user message in the returned token, only the message
   MIC is produced in the output token. specified major code, minor
   code, and minor code textual explanation.  This method constructor is identical in
   functionality to its byte array counterpart.

   Note that privacy can only be applied through
   used when the wrap call.

   Since some application-level protocols may wish to use tokens emitted
   by getMIC to provide "secure framing", implementations should support
   derivation of MICs exception is originating from zero-length messages.

   Parameters:

        inMsg     Buffer containing the message security mechanism.
   It allows to specify the GSS code and the mechanism code.

   Parameters:

        majorCode      The GSS error code causing this exception to be
                       thrown.

        minorCode      The mechanism error code causing this exception
                       to generate MIC over.

        outBuf be thrown.

        minorString    The buffer to write textual explanation of the GSS-API output token into.

        msgProp   Indicates mechanism error
                       code.

7.8.3.  getMajor

   public int getMajor()

   Returns the desired QOP major code representing the GSS error code that caused
   this exception to be used.  Use QOP thrown.

7.8.4.  getMinor

   public int getMinor()

   Returns the mechanism error code that caused this exception.  The
   minor code is set by the underlying mechanism.  Value of 0 to
                  indicate default value.  The confidentiality flag indicates
   that mechanism error code is
                  ignored. Upon return from not set.

7.8.5.  getMajorString

   public String getMajorString()

   Returns a string explaining the method, GSS major error code causing this object will
                  contain
   exception to be thrown.

7.8.6.  getMinorString

   public String getMinorString()

   Returns a string explaining the applied QOP (in case 0 was selected).

6.3.17.  verifyMIC mechanism specific error code.  An
   empty string will be returned when no mechanism error code has been
   set.

7.8.7.  setMinor

   public void verifyMIC(byte []inTok, int tokOffset, int tokLen,
                           byte[] inMsg, int msgOffset, int msgLen,
                           MessageProp msgProp) throws GSSException
   Verifies setMinor(int minorCode, String message)

   Used internally by the cryptographic MIC, contained in GSS-API implementation and the token parameter,
   over underlying
   mechanisms to set the supplied message. minor code and its textual representation.

   Parameters:

        minorCode The msgProp parameter will contain mechanism specific error code.

        message   A textual explanation of the mechanism error code.

7.8.8.  toString

   public String toString()

   Returns a textual representation of both the major and minor status
   codes.

7.8.9.  getMessage

   public String getMessage()

   Returns a detailed message of this exception.  Overrides
   Throwable.getMessage.  It is customary in Java to use this method to
   obtain exception information.

7.9.  public abstract class GSSManager

   This class contains methods to manage and query different GSS-API
   providers.  This saves the
   QOP indicating application from knowing the strength name of protection the
   provider's factory class and instantiating it.  When the application
   has multiple providers installed on its system, it can use the
   GSSManager to search through them and return one that was applied supports a
   desired underlying mechanism.  It also provides a means for a single
   point of control to set the
   message. This method preferred GSS-API provider.  All
   delegation done by the GSSContext, GSSCredential and GSSName classes
   is equivalent in functionality then directed to its stream
   counterpart.

   Since some application-level protocols may wish implementing classes for that provider by
   default.

   Because this class locates and instantiates providers using the
   standard Java provider architecture, applications are encouraged to
   make use tokens emitted
   by getMIC of this class to provide "secure framing", maximize portability across implementations should support
   the calculation and verification of MICs over zero-length messages.

   Parameters:

        inTok     Token generated by peer's getMIC method.

        tokOffset The offset within
   rather than obtaining direct references to the inTok where factory classes from
   the token begins.

        tokLen implementations.

   The length benefits of this approach are that applications can switch
   between providers transparently and new providers can be added as
   needed.  Binary compatibility is maintained and applications can
   switch providers even at runtime.  The providers  themselves can
   change their implementation without having existing applications
   break.

7.9.1.  Example

   // Import the token within Security class and the inTok (starting at Provider class from
   // the offset).

        inMsg     Application message java security package
   import java.security.Security;
   import java.security.Provider;

   // We want to verify use the cryptographic MIC
                  over.

        msgOffset GSS-API implementation from a provider that is
   // registered with the system as FOOBAR.
   Provider p = Security.getProvider("FOOBAR");

   // What mechs does FOOBAR's GSS-API implementation support?
   Oid[] supportedMechs = GSSManager.getMechs(p);

   // Which provider is being used by default?
   Provider p = GSSManager.getDefaultProvider();
   print(p.getName()); // May not be "FOOBAR"

7.9.2.  setDefaultProvider

   public static void setDefaultProvider(Provider p)
                   throws java.security.NoSuchProviderException

   Sets the desired provider for the GSSManager, and the wrapper classes
   GSSName, GSSContext, and GSSCredential to use to delegate their calls
   by default.

   Parameters:

        p         The offset within provider that should be used by default.

7.9.3.  getDefaultProvider

   public static Provider getDefaultProvider()

   Returns a Provider object that represents the provider that the inMsg where
   GSSManager, and the message begins.

        msgLen    The length wrapper classes GSSName, GSSContext, and
   GSSCredential and using to delegate their calls to.

7.9.4.  getMechs

   public static Oid[] getMechs(Provider p)

   Returns an array of the message Oid objects, one for each mechanism available
   within the inMsg (starting
                  at the offset).

        msgProp   Upon return from GSS-API implementation supplied by the method, indicated provider.
   A "null" value is returned when no mechanism are available (an
   example of this object will contain
                  the applied QOP would be when mechanism are dynamically configured,
   and supplementary status values for
                  the supplied token. currently no mechanisms are installed).

   Parameters:

        p         The confidentiality state will provider that should be
                  always set to "false".

6.3.18.  verifyMIC queried. "null" indicates
                  query the default GSS-API provider.

7.9.5.  getNamesForMech

   public void verifyMIC(InputStream inTok, InputStream inMsg,
                           MessageProp msgProp) static Oid[] getNamesForMech(Oid mech, Provider p)
                                           throws GSSException

   Verifies the cryptographic MIC, contained in the token parameter,
   over

   Returns name types Oids supported by the supplied message. specified mechanism.

   Parameters:

        mech      The msgProp parameter will contain Oid object for the
   QOP indicating mechanism to query.

        p         The provider that should be queried. "null" indicates
                  query the strength default GSS-API provider.

7.9.6.  getMechsForName

   public static Oid[] getMechsForName(Oid nameType, Provider p)

   Returns an array of protection Oid objects, one for each mechanisms that was applied to support
   the
   message. This method specific name type.  "null" is equivalent in functionality to its byte array
   counterpart.

   Since some application-level protocols may wish to use tokens emitted
   by getMIC returned when no mechanisms are
   found to provide "secure framing", implementations should support the calculation and verification of MICs over zero-length messages.

   Parameters:

        inTok     Contains the token generated by peer's getMIC method.

        inMsg     Contains application message to verify the
                  cryptographic MIC over.

        msgProp   Upon return from the method, this object will contain
                  the applied QOP and supplementary status values specified name type.

   Parameters:

        nameType  The Oid object for the supplied token. name type to query.

        p         The confidentiality state will provider that should be
                  always set to "false".

6.3.19.  export queried. "null" indicates
                  query the default GSS-API provider.

7.9.7.  getProviderFromToken

   public byte [] export() throws GSSException

   Provided to static Provider getProviderFromToken(byte[] firstToken)

   Find a provider whose GSS-API implementation can support the sharing of work between multiple processes.
   mechanism that is needed for accepting a context with the given
   context establishment token.  This routine will typically call can be used by made only with the context-acceptor,
   first context establishment token received at the acceptor's end;
   that token is required to follow the format defined in an
   application where section 3.1 of
   RFC 2078.

   This call is useful to a single process receives incoming connection
   requests context acceptor that has multiple GSS
   implementations available to it and accepts security contexts over them, then passes has to decide which one of them
   to use such that the implementation supports the mechanism that the
   established
   context initiator wishes to one or more other processes for message
   exchange.

   This use.

   Parameters:

        firstTokenThe first token that is emitted during a GSS-API
                  context establishment.

7.9.8.  getProviderForMechanism

   public static Provider[] getProvidersForMechanism(Oid mechOid)

   A utility method deactivates to find the provider(s) whose GSS-API implementation
   can support the given mechanism.  The GSSManager class locates all
   java security context providers registered with the system and creates an
   interprocess token which, when passed determines
   from their respective GSSFactory implementations which ones support
   this mechanism.  It returns as array with all such provider objects.

   An application can then choose a preferred provider from the returned
   set.

   Parameters:

        mechOid   The Oid of the desired mechanism.

7.10.  public class GSSName implements IGSSName

   This concrete class is a wrapper around the interface IGSSName.  An
   application can use the GSSName class to perform all functionality of
   the IGSSName interface eliminating the need to know the byte array interface and
   instantiating it from the provider.  Its constructor
   of performs the GSSContext class
   following in another process, will re-activate one step: obtain the
   context in provider specific factory
   (IGSSFactory) object, and obtain an IGSSName object from the second process. Only a single instantiation of a given
   context may be active at any one time; a subsequent attempt by a
   context exporter to access factory
   initialized with the exported security context will fail. parameters supplied in the constructor.  The implementation may constrain
   wrapper delegates all its calls to this provider specific IGSSName
   object.

   It uses the set of processes by which preferred GSS-API provider to instantiate the
   interprocess token may be imported, either as a function of local
   security policy, or as a result of IGSSName
   implementation decisions.  For
   example, some implementations may constrain contexts to delegate to.  A default provider can optionally be passed
   only between processes that run under
   set by the same account, or which are
   part of application with the same process group. GSSManager.setDefaultProvider() call.

   The interprocess token may contain security-sensitive information
   (for example cryptographic keys).  While mechanisms are encouraged to
   either avoid placing such sensitive information within interprocess
   tokens, or to encrypt GSSName class implements the token before returning IGSSName interface and thus provides
   for all its functionality and also passes the compiler's type
   checking when used in place of IGSSName. The methods from IGSSName
   that GSSName implements are:

           public boolean equals(IGSSName another) throws GSSException

           public boolean equals(Object another)

           public IGSSName canonicalize(Oid mechOid) throws GSSException

           public byte[] export() throws GSSException

           public String toString()

           public Oid getStringNameType() throws GSSException

           public boolean isAnonymous()

           public boolean isMN()

   Similarly, it inherits the following static constants:

           public static final Oid NT_HOSTBASED_SERVICE

           public static final Oid NT_USER_NAME

           public static final Oid NT_MACHINE_UID_NAME

           public static final Oid NT_STRING_UID_NAME
           public static final Oid NT_ANONYMOUS

           public static final Oid NT_EXPORT_NAME

7.10.1.  Example

   Included below are code examples utilizing a GSSName object.  The
   code below creates a GSSName object, converts it to the
   application, in a typical GSS-API implementation this may not be
   possible. Thus the application must take care to protect mechanism name
   (MN), performs a comparison, obtains a printable representation of
   the
   interprocess token, name, exports it and ensure that any process then re-imports to which the token is
   transferred is trustworthy.

6.3.20.  requestMutualAuth

   public void requestMutualAuth(boolean state) throws GSSException

   Sets obtain a new GSSName
   object.  This code uses the request state of default GSS-API provider on the mutual authentication flag system.

   // create an oid object for Kerberos v5 to export the
   context. This method is only valid before name with
   // Kerberos later on

   Oid krb5 = new Oid("1.2.840.113554.1.2.2");

   // create a host based service name
   GSSName name = new GSSName("service@host",
                   GSSName.NT_HOSTBASED_SERVICE, null);

   GSSName mechName = name.canonicalize(krb5);

   // the context creation
   process begins and only for above two steps are equivalent to the initiator.

   Parameters:

        state     Boolean representing following constructor
   GSSName mechName = new GSSName("service@host",
                   GSSName.NT_HOSTBASED_SERVICE, krb5, null);

   // perform name comparison
   if mutual authentication should
                  be requested during context establishment.

6.3.21.  requestReplayDet

   public void requestReplayDet(boolean state) throws GSSException

   Sets the request state (name.equals(mechName))
           print("Names are equals.");

   // obtain textual representation of the replay detection service for the
   context. This method is only valid before the context creation
   process begins name and only for its printable
   // name type
   print(mechName.toString() +
                   mechName.getStringNameType().toString());

   // export and re-import the initiator.

   Parameters:

        state     Boolean representing if replay detection is desired
                  over name
   byte [] exportName = mechName.export();

   // create a new name object from the established context.

6.3.22.  requestSequenceDet exported buffer
   GSSName newName = new GSSName(exportName,
                   GSSName.NT_EXPORT_NAME, null);

7.10.2.  Constructors

   public void requestSequenceDet(boolean state) GSSName(String nameStr, Oid nameSpace, Provider p)
                                           throws GSSException

   Sets

   Converts a contiguous string name from the request state for specified namespace to a
   GSSName object.  In general, the sequence checking service of GSSName object created will not be
   an MN; the
   context. This method exception to this is only valid before if the context creation
   process begins and only for namespace type parameter
   indicates NT_EXPORT_NAME or if the initiator. GSS-API implementation is not
   multi-mechanism.

   Parameters:

        state     Boolean

        nameStr   The string representing if sequence detection is desired
                  over the established context.

6.3.23.  requestCredDeleg

   public void requestCredDeleg(boolean state) throws GSSException

   Sets the request state for a printable form of the credential delegation flag for name
                  to create.

        nameType  The Oid specifying the
   context. This method is only valid before namespace of the context creation
   process begins and only for printable name
                  supplied.  "null" value can be used to specify that a
                  mechanism specific default printable syntax should be
                  assumed by each mechanism that examines nameStr.

        p         The preferred provider whose GSS-API implementation
                  should be used. "null" indicates use the initiator.

   Parameter:

        state     Boolean representing if credential delegation is
                  desired.

6.3.24.  requestAnonymity default GSS-
                  API provider.

   public void requestAnonymity(boolean state) GSSName(byte name[], Oid nameType, Provider p)
                                           throws GSSException

   Requests anonymous support over

   Converts a contiguous byte array containing a name from the context. This method is only
   valid before specified
   namespace to a GSSName object.  In general, the context creation process begins and only for GSSName object
   created will not be an MN; the
   initiator.

   Parameter:

        state     Boolean representing if anonymity support exception to this is
                  requested.

6.3.25.  requestConf

   public void requestConf(boolean state) throws GSSException

   Requests that confidentiality service be available over if the namespace
   type parameter indicates NT_EXPORT_NAME or if the context.
   This method GSS-API
   implementation is only valid before not multi-mechanism.

   Parameters:

        name      The byte array containing the context creation process begins
   and only for name to create.

        nameType  The Oid specifying the initiator.

   Parameters:

        state     Boolean indicating if confidentiality services are namespace of the name supplied
                  in the byte array. "null" value can be used to specify
                  that a mechanism specific default syntax should be requested for
                  assumed by each mechanism that examines the context.

6.3.26.  requestInteg byte
                  array.

        p         The preferred provider whose GSS-API implementation
                  should be used.  "null" indicates use the default
                  GSS-API provider.

   public void requestInteg(boolean state) GSSName(String nameStr, Oid nameType, Oid mechType,
                   Provider p) throws GSSException

   Requests that integrity services be available over

   Converts a contiguous string name from the context. This
   method specified namespace to a
   GSSName object that is only valid before a mechanism name (MN).

   Parameters:

        nameStr   The string representing a printable form of the context creation process begins and
   only for name
                  to create.

        nameType  The Oid specifying the initiator.

   Parameters:

        state     Boolean indicating if integrity services are namespace of the printable name
                  supplied. "null" value can be used to specify that a
                  mechanism specific default printable syntax should be
                  requested for
                  assumed when the context.

6.3.27.  requestLifetime

   public void requestLifetime(int lifetime) throws GSSException

   Sets mechanism examines nameStr.

        mechType  The Oid specifying the desired lifetime mechanism for which this name
                  should be created.  "null" value can be used to
                  specify the context in seconds. This method is
   only valid before default mechanism.

        p         The preferred provider whose GSS-API implementation
                  should be used. "null" indicates use the context creation process begins and only for default GSS-
                  API provider.  Implementations should then pick the initiator.

   Parameters:

        lifetime  The desired context lifetime in seconds.

6.3.28.  setChannelBinding
                  first registered provider on the system that supports
                  the mechanism mechType.

   public void setChannelBinding(ChannelBinding cb) GSSName(byte name[], Oid nameType, Oid mechType,
                   Provider p) throws GSSException

   Sets

   Converts a contiguous byte array containing a name from the channel bindings specified
   namespace to be used during context establishment.
   This method a GSSName object that is only valid before the context creation process begins. a mechanism name (MN).

   Parameters:

        cb        Channel bindings

        name      The byte array representing the name to be used.

6.3.29.  getCredDelegState

   public boolean getCredDelegState()

   Returns create.

        nameType  The Oid specifying the state namespace of the delegated credentials for the context. When
   issued before context establishment is completed or printable name
                  supplied. "null" value can be used to specify that a
                  mechanism specific default printable syntax should be
                  assumed when the
   isProtReady method returns "false", it returns mechanism examines nameStr.

        mechType  The Oid specifying the desired state,
   otherwise it will indicate mechanism for which this name
                  should be created.

        p         The preferred provider whose GSS-API implementation
                  should be used. "null" indicates use the actual state over default GSS-
                  API provider.  Implementations should then pick the established
   context.

6.3.30.  getMutualAuthState
                  first registered provider on the system that supports
                  the mechanism mechType.

7.10.3.  getProvider

   public boolean getMutualAuthState() java.security.Provider getProvider()

   Returns the state provider of the mutual authentication option IGSSName implementation that this GSSName
   object is delegating all its calls to. This is useful for the
   context. When issued before context establishment completes
   applications to track which GSS implementation this object came from.
   It is important to not pass an  IGSSName implementation (which
   contains provider specific internal elements) to an IGSSCredential or when
   IGSSContext implementation from another provider.

7.11.  public class GSSCredential implements IGSSCredential

   This concrete class is a wrapper around the isProtReady method returns "false", interface IGSSCredential
   An application can use the GSSCredential class to perform all
   functionality of the IGSSCredential interface eliminating the need to
   know the interface and instantiating it returns from the provider.  Its
   constructor performs the following in one step: obtain the desired state,
   otherwise it will indicate provider
   specific factory (IGSSFactory) object, and obtain an IGSSCredential
   object from the actual state over factory initialized with the established
   context.

6.3.31.  getReplayDetState

   public boolean getReplayDetState()

   Returns parameters supplied in
   the state of constructor.  The wrapper delegates all its calls to this
   provider specific IGSSName object.

   It uses the replay detection option for preferred GSS-API provider to instantiate the context.
   When issued before context establishment completes or when
   IGSSCredential implementation to delegate to.  A default provider can
   optionally be set by the
   isProtReady method returns "false", it returns application with the desired state,
   otherwise it will indicate
   GSSManager.setDefaultProvider() call.

   The GSSCredential class implements the actual state over IGSSCredential interface and
   thus provides for all its functionality and also passes the established
   context.

6.3.32.  getSequenceDetState
   compiler's type checking when used in place of IGSSCredential.   The
   methods from IGSSCredential that GSSCredential implements are:

           public void dispose() throws GSSException

           public IGSSName getName() throws GSSException

           public IGSSName getName(Oid mechOID) throws GSSException

           public int getRemainingLifetime() throws GSSException

           public int getRemainingInitLifetime(Oid mech)
                           throws GSSException
           public int getRemainingAcceptLifetime(Oid mech)
                           throws GSSException

           public int getUsage() throws GSSException

           public int getUsage(Oid mechOID) throws GSSException

           public Oid[] getMechs() throws GSSException

           public void add(GSSName aName, int initLifetime,
                           int acceptLifetime, Oid mech,
                           int usage) throws GSSException

           public boolean getSequenceDetState()

   Returns equals(Object another)

   Similarly, it inherits the state of following static constants:

           public static final int INITIATE_AND_ACCEPT

           public static final int INITIATE_ONLY

           public static final int ACCEPT_ONLY

           public static final int INDEFINITE

7.11.1.  Example

   This example code demonstrates the sequence detection option creation of a GSSCredential object
   for the context.
   When issued before context establishment completes or a specific entity, querying of its fields, and its release when the
   isProtReady method returns "false", it returns the desired state,
   otherwise
   it will indicate is no longer needed.  It uses the actual state over default GSS provider.

   // start by creating a name object for the established
   context.

6.3.33.  getAnonymityState

   public boolean getAnonymityState()

   Returns "true" if this is an anonymous context. When issued before
   context establishment completes or when entity
   GSSName name = new GSSName("userName", GSSName.NT_USER_NAME, null);

   // now create a credential for the isProtReady method
   returns "false", it returns entity
   GSSCredential cred = new GSSCredential(name,
                   GSSCredential.ACCEPT_ONLY, null);

   // display credential information - name, remaining lifetime,
   // and the desired state, otherwise mechanisms it will
   indicate the actual state has been acquired over
   print(cred.getName().toString());
   print(cred.getRemainingLifetime());

   Oid [] mechs = cred.getMechs();
   if (mechs != null) {
           for (int i = 0; i < mechs.length; i++)
                   print(mechs[i].toString());
   }

   // release system resources held by the established context.

6.3.34.  isTransferable credential
   cred.dispose();

7.11.2.  Constructors

   public boolean isTransferable() GSSCredential (int usage, Provider p) throws GSSException

   Returns "true" if

   Constructor for GSSCredential that acquires default credentials.
   This will cause the context is transferable GSS-API to other processes
   through the use of the export method. This call is only valid on
   fully established contexts.

6.3.35.  isProtReady

   public boolean isProtReady()

   Returns "true" if the per message operations can be applied over the
   context. Some mechanisms may allow system specific defaults for the
   set of mechanisms, name, and an INDEFINITE lifetime.

   Parameters are:

        usage     The intended usage for this credential object.  The
                  value of per-message
   operations before this parameter must be one of:
                  GSSCredential.ACCEPT_AND_INITIATE,
                  GSSCredential.ACCEPT_ONLY, GSSCredential.INITIATE_ONLY

        p         The preferred provider whose GSS-API implementation
                  should be used. "null" indicates use the context is fully established. This will also
   indicate default GSS-
                  API provider.

   public GSSCredential (IGSSName aName, int lifetime,
                   Oid mechOid, int usage, Provider p)
                                   throws GSSException

   Constructor for GSSCredential that the get methods will return actual context state
   characteristics instead acquires a single mechanism
   credential.

   Parameters:

        aName     Name of the desired ones.

6.3.36.  getConfState

   public boolean getConfState()

   Returns principal for whom this credential is to
                  be acquired.  Use "null" to specify the confidentiality service state over default
                  principal.

        lifetime  The number of seconds that credentials should remain
                  valid.  Use GSSCredential.INDEFINITE to request that
                  the context. When
   issued before context establishment completes or when credentials have the isProtReady
   method returns "false", it returns maximum permitted lifetime.

        mechOid   The oid of the desired state, otherwise it
   will indicate mechanism.  Use "(Oid) null" to
                  request the actual state over default mechanism(s).

        usage     The intended usage for this credential object.  The
                  value of this parameter must be one of:
                  GSSCredential.ACCEPT_AND_INITIATE,
                  GSSCredential.ACCEPT_ONLY, GSSCredential.INITIATE_ONLY

        p         The preferred provider whose GSS-API implementation
                  should be used. "null" indicates use the established context.

6.3.37.  getIntegState default GSS-
                  API provider.

   public boolean getIntegState()

   Returns the integrity service state GSSCredential(IGSSName aName, int lifetime,
                   Oid mechs[], int usage, Provider p)
                                    throws GSSException

   Constructor for GSSCredential that acquires credentials over a set of
   mechanisms.  Acquires credentials for each of the context. When issued
   before context establishment completes or when the isProtReady method
   returns "false", it returns mechanisms
   specified in the desired state, otherwise it will
   indicate array called mechs.  To determine the actual state over list of
   mechanisms' for which the established context.

6.3.38.  getLifetime

   public int getLifetime()

   Returns acquisition of credentials succeeded, the context lifetime in seconds.  When issued before context
   establishment completes or when
   caller should use the isProtReady method returns
   "false", it returns GSSCredential.getMechs() method.

   Parameters:

        aName     Name of the desired lifetime, otherwise it will indicate principal for whom this credential is to
                  be acquired.  Use "null" to specify the remaining default
                  principal.

        lifetime for  The number of seconds that credentials should remain
                  valid.  Use GSSCredential.INDEFINITE to request that
                  the context.

6.3.39.  getSrcName

   public GSSName getSrcName() throws GSSException

   Returns credentials have the name maximum permitted lifetime.

        mechOid   The array of mechanisms over which the context initiator.  This call credential is valid only
   after
                  to be acquired.  Use "(Oid[]) null" for requesting a
                  system specific default set of mechanisms.  Use an
                  empty array of Oid's such as "new Oid[] {}" to obtain
                  an empty credential which can later be built upon with
                  the context is fully established or GSSCredential.add() call.

        usage     The intended usage for this credential object.  The
                  value of this parameter must be one of:
                  GSSCredential.ACCEPT_AND_INITIATE,
                  GSSCredential.ACCEPT_ONLY, GSSCredential.INITIATE_ONLY

        p         The preferred provider whose GSS-API implementation
                  should be used. "null" indicates use the isProtReady method
   returns "true".

6.3.40.  getTargName default GSS-
                  API provider.

7.11.3.  getProvider

   public GSSName getTargName() throws GSSException java.security.Provider getProvider()

   Returns the name provider of the context target (acceptor).  This call is
   valid only after the context is fully established or the isProtReady
   method returns "true".

6.3.41.  getMech

   public Oid getMech() throws GSSException

   Returns the mechanism oid for IGSSCredential implementation that this context.

6.3.42.  getDelegCred

   public
   GSSCredential getDelegCred() throws GSSException

   Returns the delegated credential object on the acceptor's side. To
   check for availability of delegated credentials call
   getDelegCredState. is delegating all its calls to.  This call is only valid on fully established
   contexts.

6.3.43.  isInitiator

   public boolean isInitiator() throws GSSException

   Returns "true" if useful
   for applications to track which GSS implementation this object came
   from.  It is the initiator of the context. This call is
   only valid after the context creation process has started.

6.4. important to not pass an IGSSCredential implementation
   (which contains provider specific internal elements) to an
   IGSSContext implementation from another provider.

7.12.  public class MessageProp GSSContext implements IGSSContext

   This concrete class is a utility class used within wrapper around the interface IGSSContext.
   An application can use the per-message GSSContext
   methods class to convey per-message properties.

   When used with perform all
   functionality of the IGSSContext interface eliminating the need to
   know the interface and instantiating it from the provider.  Its
   constructor performs the GSSContext class wrap following in one step: obtain the provider
   specific factory (IGSSFactory) object, and getMIC methods, obtain an
   instance of this class is used to indicate IGSSContext
   object from the desired QOP and factory initialized with the parameters supplied in
   the constructor.  The wrapper delegates all its calls to
   request if confidentiality services are this
   provider specific IGSSContext object.

   It uses the preferred GSS-API provider to be applied instantiate the IGSSContext
   implementation to caller
   supplied data (wrap only).  To request delegate to.  The default QOP, the value of 0
   should provider can optionally
   be used.

   When used with set by the unwrap and verifyMIC methods of application with the GSSManager.setDefaultProvider()
   call.

   The GSSContext
   class, an instance of this class will be used to indicate implements the applied
   QOP IGSSContext interface and thus
   provides for all its functionality and confidentiality services over the supplied message. In the
   case of verifyMIC, the confidentiality state will always be "false".
   Upon return from these methods, this object will also contain any
   supplementary status values applicable to passes the processed token.  The
   supplementary status values can indicate old tokens, out compiler's
   type checking when used in place of sequence
   tokens, gap tokens or duplicate tokens.

6.4.1.  Constructors IGSSContext. The methods from
   IGSSContext that GSSContext implements are:

           public byte[] initSecContext(byte inputBuf[],
                   int offset, int len) throws GSSException

           public int initSecContext(InputStream inStream,
                   OutputStream outStream) throws GSSException

           public byte[] acceptSecContext(byte inTok[], int offset,
                   int len) throws GSSException

           public void acceptSecContext(InputStream inStream,
                   OutputStream outStream) throws GSSException

           public boolean isEstablished()
           public void dispose() throws GSSException

           public int getWrapSizeLimit(int qop, boolean confReq,
                   int maxTokenSize) throws GSSException

           public byte[] wrap(byte inBuf[], int offset, int len,
                   MessageProp msgProp) throws GSSException

           public void wrap(InputStream inStream,
                   OutputStream outStream, MessageProp msgProp)
                   throws GSSException

           public byte [] unwrap(byte[] inBuf, int offset, int len,
                   MessageProp msgProp) throws GSSException

           public void unwrap(InputStream inStream,
                   OutputStream outStream, MessageProp msgProp)
                                           throws GSSException

           public MessageProp()

   Default constructor for the class. QOP is set to 0 and
   confidentiality to "false". byte[] getMIC(byte []inMsg, int offset, int len,
                   MessageProp msgProp) throws GSSException

           public MessageProp(int qop, boolean privState)

   Constructor which sets the values for the qop and privacy state.

   Parameters:

        qop       The desired QOP.

        privState The desired privacy state.

6.4.2.  getQOP void getMIC(InputStream inStream,
                   OutputStream outStream, MessageProp msgProp)
                   throws GSSException

           public void verifyMIC(byte []inTok, int getQOP()

   Retrieves the QOP value.

6.4.3.  getPrivacy tokOffset,
                   int tokLen, byte[] inMsg, int msgOffset,
                   int msgLen, MessageProp msgProp) throws GSSException

           public boolean getPrivacy()

   Retrieves the privacy state.

6.4.4.  setQOP void verifyMIC(InputStream tokStream,
                   InputStream msgStream, MessageProp msgProp)
                   throws GSSException

           public byte [] export() throws GSSException

           public void setQOP(int qopVal)

   Sets the QOP value.

   Parameter:

        qopVal    The QOP value to be set.

6.4.5.  setPrivacy requestMutualAuth(boolean state)
                   throws GSSException

           public void setPrivacy(boolean privState)

   Sets the privacy state.

   Parameter:

        privState The privacy state to set.

6.4.6.  isDuplicateToken requestReplayDet(boolean state)
                   throws GSSException

           public void requestSequenceDet(boolean state)
                   throws GSSException

           public void requestCredDeleg(boolean state)
                   throws GSSException
           public void requestAnonymity(boolean state)
                   throws GSSException

           public void requestConf(boolean state) throws GSSException

           public void requestInteg(boolean state) throws GSSException

           public void requestLifetime(int lifetime) throws GSSException

           public void setChannelBinding(ChannelBinding cb)
                   throws GSSException

           public boolean isDuplicateToken()

   Returns "true" if this is a duplicate of an earlier token.

6.4.7.  isOldToken getCredDelegState()

           public boolean isOldToken()

   Returns "true" if the token's validity period has expired.

6.4.8.  isUnseqToken getMutualAuthState()

           public boolean isUnseqToken()

   Returns "true" if a later token has already been processed.

6.4.9.  isGapToken getReplayDetState()

           public boolean getSequenceDetState()

           public boolean getAnonymityState()

           public boolean isTransferable() throws GSSException

           public boolean isProtReady()

           public boolean getConfState()

           public boolean getIntegState()

           public int getLifetime()

           public GSSName getSrcName() throws GSSException

           public GSSName getTargName() throws GSSException

           public Oid getMech() throws GSSException

           public boolean isGapToken()

   Returns "true" if an expected per-message token was not received.

6.5. GSSCredential getDelegCred() throws GSSException

           public class GSSManager

   This class implements functionality common to boolean isInitiator() throws GSSException

   Similarly, it inherits the entire GSS-API
   package. It does not define any public constructors and all its
   methods are static.

6.5.1.  getMechs following static constant:

           public static Oid[] getMechs()

   Returns an array final int INDEFINITE

7.12.1.  Example

   The example code presented below demonstrates the usage of Oid objects, one the
   GSSContext object for each the initiating peer.  Different operations on
   the GSSContext object are presented, including: object instantiation,
   setting of desired flags, context establishment, query of actual
   context flags, per-message operations on application data, and
   finally context deletion.

   // start by creating the name for a service entity
   GSSName targetName = new GSSName("service@host",
                   GSSName.NT_HOSTBASED_SERVICE, null);

   // create a context using default credentials for the above entity
   // and the implementation specific default mechanism available
   within this GSS-API package. A "null" value is returned when no
   GSSContext context = new GSSContext(targetName,
                   null,   /* default mechanism */
                   null,   /* default credentials */
                   GSSContext.INDEFINITE,
                   null /* default provider */);

   // set desired context options - all others are available (an example of this would be when false by default
   context.requestConf(true);
   context.requestMutualAuth(true);
   context.requestReplayDet(true);
   context.requestSequenceDet(true);

   // establish a context between peers - using byte arrays
   byte []inTok = new byte[0];

   try {
           do {
                   byte[] outTok = context.init(inTok, 0, inTok.length);

                   // send the token if present
                   if (outTok != null)
                           sendToken(outTok);

                   // check if we should expect more tokens
                   if (context.isEstablished())
                           break;

                   // another token expected from peer
                   inTok = readToken();

           } while (true);
   } catch (GSSException e) {
           print("GSSAPI error: " + e.getMessage());
   }

   // display context information
   print("Remaining lifetime in seconds = " + context.getLifetime());
   print("Context mechanism
   are dynamically configured, = " + context.getMech().toString());
   print("Initiator = " + context.getSrcName().toString());
   print("Acceptor = " + context.getTargName().toString());

   if (context.getConfState())
           print("Confidentiality security service available");

   if (context.getIntegState())
           print("Integrity security service available");

   // perform wrap on an application supplied message, appMsg,
   // using QOP = 0, and currently no mechanisms are
   installed).

6.5.2.  getNamesForMech

   public static Oid[] getNamesForMech(Oid mech) throws GSSException

   Returns name types Oids supported by requesting privacy service
   byte [] appMsg ...

   MessageProp mProp = new MessageProp(0, true);

   byte []tok = context.wrap(appMsg, 0, appMsg.length, mProp);

   if (mProp.getPrivacy())
           print("Message protected with privacy.");

   sendToken(tok);

   // release the specified mechanism.

   Parameters:

        mech local-end of the context
   context.dispose();

7.12.2.  Constructors

   The Oid object for GSSContext class provides the mechanism following constructors.  In
   addition to query.

6.5.3.  getMechsForName

   public static Oid[] getMechsForName(Oid nameType)

   Returns these, this class also provides an array overloaded form of Oid objects, one for
   each mechanisms of these constructors that support
   the specific name type.  "null" is returned when no mechanisms are
   found to support takes a java.security.Provider object
   as the specified name type.

   Parameters:

        nameType last parameter.  The Oid object for overloaded constructor with the name type Provider
   argument is indentical to query.

6.5.4.  getDefaultMech

   public static Oid getDefaultMech()

   Returns the default mechanism oid.  This is one without the mechanisms Provider with the
   exception that will
   be used when a "null" Oid object is specified in place of an Oid
   object within GSSCredential and the GSSContext methods.

6.6.  public class ChannelBinding uses the specified Provider to
   instantiate the IGSSContext implementation.  The GSS-API accommodates constructors with
   the concept of caller-provided channel
   binding information. Channel bindings Provider argument are used useful when the application wishes to strengthen
   instantiate from a given provider without setting the
   quality with which peer entity authentication is provided during default
   provider globally in the GSSManager class. The sample code shown in
   8.2 demonstrates the use such a constructor.

   public GSSContext(GSSName peer, Oid mechOid,
                   GSSCredential myCred, int lifetime, Provider p)
                   throws GSSException

   Constructor for creating a context establishment. They enable on the GSS-API callers initiator's side.  Context
   flags may be modified through the mutator methods prior to bind calling
   GSSContext.initSecContext().

   Parameters:

        peer      Name of the
   establishment target peer.

        mechOid   Oid of the security context to relevant characteristics
   like addresses or desired mechanism.  Use "null" to application specific data.

   The caller initiating the security context must determine request
                  default mechanism.

        myCred    Credentials of the
   appropriate channel binding values initiator.  Use "null" to set act as a
                  default initiator principal.

        lifetime  The request lifetime, in seconds, for the GSSContext object. credential.

        p         The acceptor must provide an identical binding in order to validate
   that received tokens possess correct channel-related characteristics.

   Use of channel bindings is optional in GSS-API. Since channel-binding
   information may be transmitted in context establishment tokens,
   applications preferred provider whose GSS-API implementation
                  should therefore not be used. "null" indicates use confidential data as channel-
   binding components.

6.6.1.  Constructors the default GSS-
                  API provider.

   public ChannelBinding(InetAddress initAddr, InetAddress acceptAddr,
                                   byte[] appData)

   Create a ChannelBinding object with user supplied address information
   and data.  "null" values can be used GSSContext(GSSCredential myCred, Provider p) throws
   GSSException

   Constructor for any fields which creating a context on the
   application does not want to specify.

   Parameters:

        initAddr acceptor' side.  The address of the context initiator.  "null" value
                  can
   context's properties will be determined from the input token supplied
   to indicate that the application does
                  not want accept method.

   Parameters:

        myCred    Credentials for the acceptor.  Use "null" to set this value.

        acceptAddrThe address of act as a
                  default acceptor principal.

        p         The preferred provider whose GSS-API implementation
                  should be used. "null" indicates use the default GSS-
                  API provider.

   public GSSContext(byte [] interProcessToken, Provider p) throws
   GSSException
   Constructor for creating a previously exported context.  The context acceptor.  "null" value can
                  be supplied to indicate that the application does not
                  want to set this value.

        appData   Application supplied data to
   properties will be used as part of determined from the
                  channel bindings.  "null" value can input token and can't be supplied to
                  indicate that
   modified through the application does not want to set
                  this value.

   public ChannelBinding(byte[] appData)

   Creates a ChannelBinding object without any addressing information. methods.

   Parameters:

        appData   Application supplied data to

        interProcessToken
                  The token previously emitted from the export method.

        p         The preferred provider whose GSS-API implementation
                  should be used as part of used. "null" indicates use the
                  channel bindings.

6.6.2.  getInitiatorAddress default GSS-
                  API provider.

7.12.3.  getProvider

   public InetAddress getInitiatorAddress() java.security.Provider getProvider()

   Returns the initiator's address for provider of the IGSSContext implementation that this channel binding. "null"
   GSSContext object is
   returned if the address has not been set.

6.6.3.  getAcceptorAddress

   public InetAddress getAcceptorAddress()

   Returns the acceptor's address delegating all its calls to. This is useful for
   applications to track which GSS implementation this channel binding. "null" object came from.
   It is
   returned if the address has important to not been set.

6.6.4.  getApplicationData

   public byte[] getApplicationData()

   Returns application data being used as part of the ChannelBinding.
   "null" is returned if no application data has been specified for the
   channel binding.

6.6.5.  equals

   public boolean equals(Object obj)

   Returns "true" if two channel bindings match.

   Parameter:

        obj       Another channel binding pass an IGSSName or an IGSSCredential
   implementation (which contain provider specific internal elements) to compare with.

6.7.  public class Oid
   an IGSSContext implementation from another provider.

8.  Sample Applications

   Full Copyright Statement

      Copyright (C) The Internet Society (1999).  All Rights Reserved.

      This class represents Universal Object Identifiers (Oids) document and their
   associated operations.

   Oids are hierarchically globally-interpretable identifiers used
   within the GSS-API framework to identify mechanisms translations of it may be copied and furnished
   to others, and name formats.

   The structure derivative works that comment on or otherwise explain
   it or assist in its implementation may be prepared, copied, published
   and encoding of Oids is defined distributed, in ISOIEC-8824 whole or in part, without restriction of any
   kind, provided that the above copyright notice and
   ISOIEC-8825. For example this paragraph are
   included on all such copies and derivative works.  However, this
   document itself may not be modified in any way, such as by removing
   the Oid representation copyright notice or references to the Internet Society or other
   Internet organizations, except as needed for the purpose of Kerberos V5
   mechanism is "1.2.840.113554.1.2.2"

   The GSSName name class contains public static Oid objects
   representing
   developing Internet standards in which case the standard name types procedures for
   copyrights defined in GSS-API.

6.7.1.  Constructors

   public Oid(String strOid) throws GSSException

   Creates an Oid object from a string representation of its integer
   components (e.g. "1.2.840.113554.1.2.2").

   Parameters:

        strOid the Internet Standards process must be
   followed, or as required to translate it into languages other than
   English.

      The string representation for limited permissions granted above are perpetual and will not
   be revoked by the oid.

   public Oid(InputStream derOid) throws GSSException

   Creates an Oid object from Internet Society or its DER encoding. successors or assigns.

      This refers to the full
   encoding including tag and length.  The structure document and encoding of
   Oids the information contained herein is defined in ISOIEC-8824 provided on
   an "AS IS" basis and ISOIEC-8825. THE INTERNET SOCIETY AND THE INTERNET
   ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED,
   INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
   INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
   WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

8.1.  Simple GSS Context Initiator

   import org.ietf.JGSS.*;

   /**
    * This method is
   identical in functionality to its byte array counterpart.

   Parameters:

        derOid    Stream containing the DER encoded oid.

   public Oid(byte[] DEROid) throws GSSException

   Creates an Oid object from its DER encoding. sketch for a simple client program that acts as a GSS
    * context initiator.  This refers sample program shows how to use the full
   encoding including tag and length.  The structure and encoding
    * Java bindings of
   Oids is defined the GSS-API specified in ISOIEC-8824
    * draft-ietf-cat-gssv2-javabind-02.txt.
    *
    * This application assumes the existence of a GSS-API
    * implementation that supports the mechanism that it will need and ISOIEC-8825.  This method
    * is
   identical in functionality to its byte array counterpart.

   Parameters:

        derOid    Byte array storing a DER encoded oid.

6.7.2.  toString

   public String toString()
   Returns present as a string representation library package (org.ietf.JGSS) either as part of
    * the oid's integer components standard JRE or in
   dot separated notation (e.g. "1.2.840.113554.1.2.2").

6.7.3.  toRFC2078String the CLASSPATH the application specifies.
    */

   public class SimpleClient {

       private String toRFC2078String()

   Returns a string representation serviceName; // name of peer (ie. server)
       private GSSCredential clientCred = null;
       private GSSContext context = null;
       private Oid mech; // underlying mechanism to use

       ...
       ...

       /**
        * The SimpleClient method that connects to the Oid's integer components in server,
        * establishes a security context with it, sends some data
        * across and gets back a response.
        */
       private void clientActions() {

           initializeGSS();
           establishContext();
           doCommunication();
       }

       /**
        * Acquire credentials for the client.
        */
       private void initializeGSS() {

           // Uncommenting the following line will cause the
           // GSS-framework to use the format specified within RFC 2078 (e.g. "{ 1 2 840 113554 1 2 2
   }").

6.7.4.  equals

   public boolean equals(Object Obj)

   Returns "true" provider
           // when using a default provider.
           // The GSS API framework in org.ietf.JGSS will then
           // instantiate names, credentials, and the context from that
           // provider:
           // GSSManager.setDefaultProvider("FOOBAR");

           try {

               clientCred = new GSSCredential(null /*default princ.*/,
                       GSSCredential.INDEFINITE /* max lifetime */,
                       mech /* mechanism  to use */,
                       GSSCredential.INITIATE_ONLY /* init context */,
                       null /* default provider */);

               print("GSSCredential created for " +
                     cred.getName().toString());
               print("Credential lifetime (sec)=" +
                     cred.getRemainingLifetime());
           } catch (GSSException e) {
                   print("GSS-API error in credential acquisition: "
                         + e.getMessage());
                   ...
                   ...
           }

           ...
           ...
       }

       /**
        * Does the security context establishment with the
        * server.
        */
       private void establishContext() {

           byte[] inToken = new byte[0];
           byte[] outToken = null;

           try {
               GSSName peer = new GSSName(serviceName,
                                  GSSName.NT_HOSTBASED_SERVICE, null);

               context = new GSSContext(peer, mech, gssCred,
                                GSSContext.INDEFINITE/*lifetime*/,
                                null);

               // Will need to support confidentiality
               context.requestConf(true);

               while (!context.isEstablished()) {

                   outToken = context.initSecContext(inToken, 0,
                                                     inToken.length);

                   if (outToken != null)
                       writeGSSToken(outToken);

                   if (!context.isEstablished())
                       inToken = readGSSToken();
               }

               GSSName peer = context.getSrcName();
               print("Security context established with " + peer +
                     " using underlying mechanism " + mech.toString());
           } catch (GSSException e) {
                   print("GSS-API error during context establishment: "
                         + e.getMessage());
               ...
               ...
           }

           ...
           ...
       }

       /**
        * Sends some data to the two Oid objects represent server and reads back the same oid value.

   Parameter:

        obj       Another Oid object to compare with.

6.7.5.  getDER

   public
        * response.
        */
       private void doCommunication()  {
               byte[] getDER()

   Returns the full ASN.1 DER encoding inToken = null;
               byte[] outToken = null;
               byte[] buffer;

               // Container for this oid object, which
   includes the tag and length.

6.7.6.  containedIn

   public boolean containedIn(Oid[] oids)

   A utility method multiple input-output arguments to test if an Oid object is contained within and
               // from the
   supplied Oid object array.

   Parameter:

        oids      An array of oids per-message routines (e.g., wrap/unwrap).

               MessageProp messgInfo = new MessageProp();

               try {

                   /*
                    * Now send some bytes to search.

6.8.  public class GSSException extends Exception
   This exception is thrown whenever a fatal GSS-API error occurs
   including mechanism specific errors. It may contain both, the major
   and minor, GSS-API status codes. The mechanism implementers are
   responsible server to be
                    * processed. They will be integrity protected but
                    * not encrypted for setting appropriate minor status codes when throwing
   this exception. Aside from delivering the numeric error code(s) privacy.
                    */

                   buffer = readFromFile();

                   // Set privacy to false and use the caller, this class performs default QOP
                   messgInfo.setPrivacy(false);

                   outToken = context.wrap(buffer, 0, buffer.length,
                                           messgInfo);

                   writeGSSToken(outToken);

                   /*
                    * Now read the mapping response from their numeric values
   to textual representations.  All Java GSS-API methods are declared
   throwing this exception. the server.
                    */

                   inToken = readGSSToken();
                   buffer = context.unwrap(inToken, 0, inToken.length,
                                           messgInfo);
                   // All implementations are encouraged ok if no exception was thrown!

                   GSSName peer = context.getSrcName();

                   print("Message from "       + peer.toString()
                         + " arrived.");
                   print("Was it encrypted? "  +
                         messgInfo.getPrivacy());
                   print("Duplicate Token? "   +
                         messgInfo.isDuplicateToken());
                   print("Old Token? "         +
                         messgInfo.isOldToken());
                   print("Unsequenced Token? " +
                         messgInfo.isUnseqToken());
                   print("Gap Token? "         +
                         messgInfo.isGapToken());

                   ...
                   ...

               } catch (GSSException e) {
                   print("GSS-API error in per-message calls: "
                         + e.getMessage());
                   ...
                   ...
               }

               ...
               ...

       } // end of doCommunication method

       ...
       ...

   } // end of class SimpleClient

8.2.  GSS Context Acceptor Using Multiple Providers

   import org.ietf.JGSS.*;
   import java.security.Provider;

   /**
    * This is the sketch for a simple server program that acts as a GSS
    * context acceptor. This sample program shows how to use the Java
   internationalization techniques to provide local translations
    * bindings of the
   message strings.

6.8.1.  Class Constants

   All valid major GSS-API error code values are declared as constants specified in this class.

   public static final int BAD_BINDINGS

   Channel bindings mismatch error.

   public static final int BAD_MECH

   Unsupported mechanism requested error.

   public static final int BAD_NAME

   Invalid name provided error.

   public static final int BAD_NAMETYPE

   Name of unsupported type provided error.

   public static final int BAD_STATUS

   Invalid status code error - this is
    * draft-ietf-cat-gssv2-javabind-02.txt.
    *
    * This application assumes the default status value.

   public static final int BAD_MIC

   Token had invalid integrity check error.

   public static final int CONTEXT_EXPIRED

   Specified security context expired error.

   public static final int CREDENTIALS_EXPIRED

   Expired credentials detected error.

   public static final int DEFECTIVE_CREDENTIAL

   Defective credential error.

   public static final int DEFECTIVE_TOKEN

   Defective token error.

   public static final int FAILURE

   General failure, unspecified at GSS-API level.

   public static final int NO_CONTEXT

   Invalid security context error.

   public static final int NO_CRED

   Invalid credentials error.

   public static final int BAD_QOP

   Unsupported QOP value error.

   public static final int UNAUTHORIZED

   Operation unauthorized error.

   public static final int UNAVAILABLE

   Operation unavailable error.

   public static final int DUPLICATE_ELEMENT

   Duplicate credential element requested error.

   public static final int NAME_NOT_MN

   Name contains multi-mechanism elements error.

   public static final int DUPLICATE_TOKEN

   The token was a duplicate existence of an earlier token. one or more GSS-API
    * implementations that are registered via different providers with
    * the standard java.security.Security class. It depends on
    * functionality in the GSSManager to pick the right implementation
    * that suites its needs.
    */

   public class SimpleServer {

       private String serviceName;

       ...
       ...

       /**
        * This is method performs the infinite loop where the
        * SimpleServer accepts connections from different clients,
        * establishes security contexts with them and provides them
        * with some service.
        */
       private void loop() {

       ...
       ...

           // Loop infinitely
           while (true) {

               Socket s = serverSock.accept();

               // Start a fatal error
   code that may occur during context establishment.  It is not used new thread to
   indicate supplementary status values. The MessageProp object serve this connection
               Thread serverThread = new ServerThread(s);
               serverThread.start();

           }
       }

       /**
        * Inner class ServerThread whose run() method provides the
        * secure service to a connection. run() gets called by the JVM
        * automatically when Thread.start() is used invoked in serverLoop().
        */

       private class ServerThread extends Thread {

       ...
       ...

           /**
            * Deals with the connection from one client. It also
            * handles all GSSException's thrown while talking to
            * this client.
            */
           public void run() {

               byte[] inToken = null;
               byte[] outToken = null;
               byte[] buffer;

               GSSNameInt peer;

               // Container for multiple input-output arguments to and
               // from the per-message routines (ie. wrap/unwrap).
               MessageProp supplInfo = new MessageProp();
               GSSContextInt secContext = null;

               try {

                   // Obtain the first context establishment GSS token
                   inToken = readGSSToken();

                   // Tell the GSSManager to find a GSS
                   // implementation that purpose.

   public static final int OLD_TOKEN supports this mechanism. The token's validity period has expired.  This
                   // token is parsed by the GSSManager to determine
                   // the mechanism Oid using the format defined in
                   // RFC 2078 Section 3.1.
                   Provider p =
                       GSSManager.getProviderFromToken(inToken);

                   // Create a fatal error code
   that may occur during context establishment. GSSName and a GSSCredential using the
                   // same provider. It is important to not used pass a
                   // GSSName and GSSCredential (which contain provider
                   // specific internal elements) to a GSSContext from
                   // another provider.

                   GSSName name = new GSSName(serviceName,
                                      GSSName.NT_HOSTBASED_SERVICE, p);
                   GSSCredential cred = new GSSCredential(name,
                                          GSSCredential.INDEFINITE,
                                          null,
                                          GSSCredential.ACCEPT_ONLY,
                                          p);

                   // Now do the context establishment loop

                   GSSContext context = new GSSContext(cred, null);

                   while (!context.isEstablished()) {

                       outToken = context.acceptSecContext(inToken, 0,
                                                   inToken.length);

                       if (outToken != null)
                           writeGSSToken(outToken);

                       if (!context.isEstablished())
                           inToken = readGSSToken();
                   }
                   // SimpleServer wants confidentiality to be
                   // available. Check for it.
                   if (!context.getConfState()){
                       ...
                       ...
                   }

                   GSSNameInt peer = context.getSrcName();
                   Oid mech = context.getMech();
                   print("Security context established with " +
                         peer.toString() +
                         " using underlying mechanism " +
                         mech.toString() +
                         " from Provider " +
                         context.getProvider().getName());

                   // Now read the bytes sent by the client to
   indicate be
                   // processed.
                   inToken = readGSSToken();

                   // Unwrap the message
                   buffer = context.unwrap(inToken, 0, inToken.length,
                                             supplInfo);
                   // All ok if no exception was thrown!

                   // Print other supplementary per-message status values. The MessageProp object is used
   for that purpose.

   public static final int UNSEQ_TOKEN

   A later token has already been processed.
                   // information

                   print("Message from " +
                           peer.toString() + " arrived.");
                   print("Was it encrypted? " +
                           supplInfo.getPrivacy());
                   print("Duplicate Token? " +
                           supplInfo.isDuplicateToken());
                   print("Old Token? "  + supplInfo.isOldToken());
                   print("Unsequenced Token? " +
                           supplInfo.isUnseqToken());
                   print("Gap Token? "  + supplInfo.isGapToken());

                   /*
                    * Now process the bytes and send back an encrypted
                    * response.
                    */

                   buffer = serverProcess(buffer);

                   // Encipher it and send it across
                   supplInfo.setPrivacy(true); // privacy requested
                   supplInfo.setQOP(0); // default QOP
                   outToken = context.wrap(buffer, 0, buffer.length,
                                              supplInfo);
                   writeGSSToken(outToken);

               } catch (GSSException e) {
                   print("GSS-API Error: " + e.getMessage());
                   // Alternatively, could call e.getMajorMessage()
                   // and e.getMinorMessage()
                   print("Abandoning security context.");

                   ...
                   ...

               }

               ...
               ...

           } // end of run method in ServerThread

       } // end of inner class ServerThread

       ...
       ...

   } // end of class SimpleServer

8.3.  GSS Context Initiator Using the Provider Factory Directly

   import org.ietf.JGSS.*;

   /**
    * This is the sketch for a fatal error code another client program that may occur during acts as a
    * GSS  context establishment. It is not used initiator.  This sample program shows how to
   indicate supplementary status values. The MessageProp object is used
   for that purpose.

   public static final int GAP_TOKEN

   An expected per-message token was not received. use the
    * Java bindings of the GSS-API specified in
    * draft-ietf-cat-gssv2-javabind-02.txt.
    *
    * This application is a fatal
   error code very aware of the provider classes that may occur during context establishment. it
    * will use.  It is not
   used to indicate supplementary status values. The MessageProp object
   is used for may be that purpose.

6.8.2.  Constructors

   public GSSException(int majorCode)

   Creates a GSSException object this application ships along with a specified major code.

   Parameters:

        majorCode The GSS error code causing this exception
    * implementation that is specific to its needs and the application
    * chooses to directly instantiate the desired factory.  This API is
    * not encouraged for applications that wish to be
                  thrown. portable.
    */

   public GSSException(int majorCode, int minorCode, class AnotherClient {

       private GSSFactory factory = null;

       private String minorString)

   Creates serviceName; // name of peer (ie. server)
       private IGSSCredential clientCred = null;
       private IGSSContext context = null;
       private Oid mech; // underlying mechanism to use

       ...
       ...

       /**
        * The AnotherClient method that connects to the server,
        * establishes a GSSException object security context with the specified major code, minor
   code, it, sends some data
        * across and minor code textual explanation. This constructor is to be
   used when gets back a response.
        */
       private void clientActions() {

           // Get the exception is originating factory directly from the security mechanism.
   It allows to specify the GSS code and desired implementation
           factory = new com.xyz.GSSAPI.MyFactory();

           initializeGSS();
           establishContext();
           doCommunication();
       }

       /**
        * Acquire credentials for the client.
        */

       private void initializeGSS()  {

           try {

               clientCred = factory.createCredentials(
                      null /* default principal*/,
                      IGSSCredential.INDEFINITE /* max lifetime */,
                      mech /* mechanism code.

   Parameters:

        majorCode      The GSS error code causing this exception  to be
                       thrown.

        minorCode      The mechanism use */,
                      IGSSCredential.INITIATE_ONLY /* init context */);

               print("Credential created for " +
                     cred.getName().toString());
               print("Credential lifetime (sec)=" +
                     cred.getRemainingLifetime());
           } catch (GSSException e) {
                   print("GSS-API error code causing this exception
                       to be thrown.

        minorString    The textual explanation of in credential acquisition: "
                         + e.getMessage());
                   ...
                   ...
           }
       }

       /**
        * Does the security context establishment with the
        * server.
        */
       private void establishContext() {

           byte[] inToken = new byte[0];
           byte[] outToken = null;

           try {

               GSSName peer = factory.createName(serviceName,
                                  IGSSName.NT_HOSTBASED_SERVICE);

               context = factory.createContext(peer, mech, gssCred,
                                IGSSContext.INDEFINITE/*lifetime*/);

               // Will need to support confidentiality
               context.requestConf(true);

               while (!context.isEstablished()) {

                   outToken = context.initSecContext(inToken, 0,
                                                     inToken.length);

                   if (outToken != null)
                       writeGSSToken(outToken);

                   if (!context.isEstablished())
                       inToken = readGSSToken();
               }

               GSSName peer = context.getSrcName();
               print("Security context established with " + peer +
                     " using underlying mechanism " + mech.toString());
           } catch (GSSException e) {
                   print("GSS-API error
                       code.

6.8.3.  getMajor

   public int getMajor()

   Returns during context establishment: "
                         + e.getMessage());
               ...
               ...

           }

           ...
           ...
       }

       /**
        * Sends some data to the major code representing server and reads back the GSS error code that caused
   this exception response.
        */

       private void doCommunication() {
               byte[] inToken = null;
               byte[] outToken = null;
               byte[] buffer;

               // Container for multiple input-output arguments to be thrown.

6.8.4.  getMinor

   public int getMinor()

   Returns the mechanism error code that caused this exception. The
   minor code is set by and
               // from the underlying mechanism. Value of 0 indicates
   that mechanism error code is not set.

6.8.5.  getMajorString

   public String getMajorString()

   Returns a string explaining per-message routines (ie. wrap/unwrap).
               MessageProp messgInfo = new MessageProp();

               try {

                   /*
                    * Now send some bytes to the GSS major error code causing this
   exception server to be thrown.

6.8.6.  getMinorString

   public String getMinorString()

   Returns a string explaining the mechanism specific error code.  An
   empty string
                    * processed. They will be returned when no mechanism error code has been
   set.

6.8.7.  setMinor

   public void setMinor(int minorCode, String message)

   Used internally by the GSS-API implementation integrity protected but
                    * not encrypted for privacy.
                    */

                   buffer = readFromFile();

                   // Set privacy to false and use the underlying
   mechanisms to set default QOP
                   messgInfo.setPrivacy(false);

                   outToken = context.wrap(buffer, 0, buffer.length,
                                           messgInfo);

                   writeGSSToken(outToken);

                   /*
                    * Now read the minor code and its textual representation.

   Parameters:

        minorCode The mechanism specific error code.

        message   A textual explanation of response from the mechanism server.
                    */

                   inToken = readGSSToken();
                   buffer = context.unwrap(inToken, 0, inToken.length,
                                           messgInfo);
                   // All ok if no exception was thrown!

                   GSSName peer = context.getSrcName();
                   print("Message from "       +
                         peer.toString() + " arrived.");
                   print("Was it encrypted? "  +
                         messgInfo.getPrivacy());
                   print("Duplicate Token? "   +
                         messgInfo.isDuplicateToken());
                   print("Old Token? "         +
                         messgInfo.isOldToken());
                   print("Unsequenced Token? " +
                         messgInfo.isUnseqToken());
                   print("Gap Token? "         +
                         messgInfo.isGapToken());

                   ...
                   ...

               } catch (GSSException e) {
                   print("GSS-API error code.

6.8.8.  toString

   public String toString()

   Returns a textual representation of both the major and minor status
   codes.

6.8.9.  getMessage

   public String getMessage()

   Returns a detailed message of this exception.  Overrides
   Throwable.getMessage.  It is customary in Java to use this per-message calls: "
                         + e.getMessage());
                   ...
                   ...
               }

               ...
               ...
       } // end of doCommunication method to
   obtain exception information.

7.

       ...
       ...

   } // end of class AnotherClient

9.  Acknowledgments

   This proposed API leverages earlier work performed by the IETF's CAT
   WG as outlined in both RFC 2078 and J.  Wray's C-bindings draft for
   the GSS-API.  Many conceptual definitions, implementation directions,
   and explanations have been included from the C-bindings draft.

   I

   We would like to thank Mike Eisler, Mayank Upadhyay, Lin Ling, Ram Marti, Michael
   Saltz and other members of Sun's development team for their helpful
   input, comments and suggestions.

   I

   We would also like to thank Joe Salowey, and Michael Smith for many
   insightful ideas and suggestions that have contributed to this draft.

8.

10.  Bibliography

   [GSSAPIv2]
   J. Linn, "Generic Security Service Application Program Interface,
   Version 2", RFC 2078, January 1997.

   [GSSAPIv2-UPDATE]
   J. Linn, "Generic Security Service Application Program Interface,
   Version 2, Update 1", IETF work in progress, Internet Draft, July
   1998.

   [GSSAPI-Cbind]
   J. Wray, "Generic Security Service API Version 2 : C-bindings", IETF
   work in progress, Internet Draft, July 1998.

   [KERBEROS_V5]
   J. Linn, "The Kerberos Version 5 GSS-API Mechanism", RFC 1964, June
   1996.

   [SPKM]
   C. Adams, "The Simple Public-Key GSS-API Mechanism", RFC 2025,
   October 1996.

9.

11.  Author's Address

   Address comments related to this memorandum to:

        <cat-ietf@mit.edu>

   Jack Kabat
   ValiCert, Inc.
   1215 Terra Bella Avenue
   Mountain View, CA
   94043, USA

   Phone: +1-650-567-5496
   E-mail: jackk@valicert.com

   Mayank Upadhyay
   Sun Microsystems, Inc.
   901 San Antonio Road, MS MPK17-201 CUP02-102
   Palo Alto, CA 94303

   Phone: +1-650-786-4282 +1-408-517-5956
   E-mail: mdu@eng.sun.com