Interface SecurityReplaceable::SecurityContext

interface SecurityContext

The SecurityContext object is created by the Vault on either an initialize_security_context (client side) or an accept_security_context (server side) call.

Attribute Index

chan_binding
The channel bindings that were used to initialize the security context.
context_state
The current state of the context establishment.
context_type
The type of the security context.
mechanism
The mechanism currently in use by the security context.
peer_credentials
Credentials received from the peer.
supports_refresh
This attribute tells whether this context supports being refreshed.

Operation Index

continue_security_context
This operation is used on either the Client or Server oriented contexts.
discard_security_context
is_valid
Returns the validity state of the context.
process_discard_token
process_refresh_token
protect_message
This operation protects the message using the given QOP.
reclaim_message
This operation reclaims a message from the protection.
refresh_security_context

Attributes

chan_binding
readonly attribute Security::ChannelBindings chan_binding;

The channel bindings that were used to initialize the security context. Client side.


context_state
readonly attribute Security::SecurityContextState context_state;

The current state of the context establishment.


context_type
readonly attribute Security::SecurityContextType context_type;

The type of the security context, i.e. its client/server orientation.


mechanism
readonly attribute Security::MechanismType mechanism;

The mechanism currently in use by the security context.


peer_credentials
readonly attribute SecurityLevel2::Credentials peer_credentials;

Credentials received from the peer. This attribute may be left unused in favor of received_credentials on the ServerSecurityContext or target_credentials on the ClientSecurityContext.


supports_refresh
readonly attribute boolean supports_refresh;

This attribute tells whether this context supports being refreshed.



Operations

continue_security_context
Security::AssociationStatus continue_security_context(in Security::OpaqueBuffer in_token,
                                                      out Security::OpaqueBuffer out_token);

This operation is used on either the Client or Server oriented contexts.

The context state must be greater than or equal to SecContextContinued and less than SecContextEstablished.

Parameters:
in_token - The GSS Token.
out_token - The output GSS Token. Note that this token can contain 0 octets, which means that the security context has transitioned into the SecContextEstablished state and this operation has returned SecAssocSuccess.
Returns:
Security::SecAssocSuccess or Security::SecAssocContinue; otherwise an exception carrying the reason is raised. When Security::SecAssocSuccess is returned the context is in the SecContextEstablished state. When Security::SecAssocContinue is returned the context remains in the SecContextContinued state, although it may move to SecContextHalfEstablished.
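
The establishment exchange described above, modelled as an added example (not ORBacus or CORBA Security code): the token contents are a constructed challenge-response over a shared key, and the ToyContext class, the establish driver and the point at which each side moves through SecContextHalfEstablished are assumptions of this model, not of the interface.

```python
import hashlib, hmac, os

# State and status values named after the Security module; ordering the states lets
# the "at least SecContextContinued and below SecContextEstablished" rule be a range check.
(SecContextInitialized, SecContextContinued,
 SecContextHalfEstablished, SecContextEstablished) = range(4)
SecAssocSuccess, SecAssocContinue = "SecAssocSuccess", "SecAssocContinue"

def _mac(key, *parts):
    return hmac.new(key, b"".join(parts), hashlib.sha256).digest()

class ToyContext:
    """One side of a constructed mutual challenge-response over a shared key."""
    def __init__(self, role, key):
        self.role, self.key = role, key
        self.context_state = SecContextInitialized
        self.nonce, self.peer_nonce = os.urandom(16), None
    def initialize_security_context(self):            # client side
        self.context_state = SecContextContinued
        return self.nonce                              # first GSS token to the server
    def accept_security_context(self, in_token):       # server side
        self.context_state = SecContextContinued
        self.peer_nonce = in_token
    def continue_security_context(self, in_token):
        """Returns (AssociationStatus, out_token); out_token may be empty on success."""
        if not SecContextContinued <= self.context_state < SecContextEstablished:
            raise RuntimeError("continue_security_context outside establishment states")
        if self.role == "server" and self.context_state == SecContextContinued:
            # Challenge: server nonce plus a proof of the key over both nonces.
            self.context_state = SecContextHalfEstablished
            return SecAssocContinue, self.nonce + _mac(self.key, self.peer_nonce, self.nonce)
        if self.role == "client":
            self.peer_nonce, proof = in_token[:16], in_token[16:]
            if not hmac.compare_digest(proof, _mac(self.key, self.nonce, self.peer_nonce)):
                raise PermissionError("server proof rejected")
            self.context_state = SecContextEstablished
            return SecAssocSuccess, _mac(self.key, self.peer_nonce, b"client")
        # Server, half established: verify the client's proof; nothing left to send.
        if not hmac.compare_digest(in_token, _mac(self.key, self.nonce, b"client")):
            raise PermissionError("client proof rejected")
        self.context_state = SecContextEstablished
        return SecAssocSuccess, b""                      # zero-octet token: established

def establish(key):
    """Drive both sides through the exchange; returns (client, server, status, token)."""
    client, server = ToyContext("client", key), ToyContext("server", key)
    server.accept_security_context(client.initialize_security_context())
    status, token = server.continue_security_context(b"")     # SecAssocContinue
    status, token = client.continue_security_context(token)   # SecAssocSuccess, proof
    status, token = server.continue_security_context(token)   # SecAssocSuccess, b""
    return client, server, status, token
```

The final server call returns SecAssocSuccess with a zero-octet token, the case the out_token note describes; a further call on an established context is refused by the state precondition.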

discard_security_context
boolean discard_security_context(in Security::Opaque discard_data,
                                 out Security::OpaqueBuffer out_token);

is_valid
boolean is_valid(out Security::UtcT expiry_time);

Returns the validity state of the context.

Parameters:
expiry_time - The expiry time of the context.
Returns:
True if and only if the current context is valid.

process_discard_token
boolean process_discard_token(in Security::OpaqueBuffer discard_token);

process_refresh_token
boolean process_refresh_token(in Security::OpaqueBuffer refresh_token);

protect_message
void protect_message(in Security::OpaqueBuffer message,
                     in Security::QOP qop,
                     out Security::OpaqueBuffer text_buffer,
                     out Security::OpaqueBuffer out_token);

This operation protects the message using the give QOP.

Parameters:
message - The message to be protected.
qop - The quality of protection to use.
text_buffer - This output parameter may carry data that is not included in out_token. Returning data in this argument means that the token protects the message held in the text buffer, implying integrity protection only. This signals to SECIOP that a MIC and the message are sent separately.
out_token - This is the protection token. If no data was placed in text_buffer, SECIOP sends a WRAP containing only this token.

reclaim_message
void reclaim_message(in Security::OpaqueBuffer text_buffer,
                     in Security::OpaqueBuffer token,
                     out Security::QOP qop,
                     out Security::OpaqueBuffer message);

This operation reclaims a message from the protection.

Parameters:
text_buffer - This may be the message sent separately from the token, implying integrity protection only, as created by the protect_message operation on the remote end. If it contains any data, the token is merely a MIC.
token - The MIC or WRAP token depending on the data in the text_buffer.
qop - The quality of protection that the message was sent with.
message - The reclaimed message.
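
The protect_message and reclaim_message convention described above, where the text_buffer contents decide between a separately sent MIC and a single WRAP token, as an added example (not ORBacus or CORBA Security code). The MIC is an HMAC-SHA256 tag and the WRAP token is a constructed HMAC-counter keystream plus tag standing in for a real mechanism's wrap; the EstablishedContext class, the token layout and the seciop_frame_kind helper are assumptions of this example only.

```python
import hashlib, hmac, os

# QOP names follow the CORBA Security QOP enumeration (not listed on this page).
SecQOPIntegrity, SecQOPConfidentiality = "SecQOPIntegrity", "SecQOPConfidentiality"

def _mac(key, *parts):
    return hmac.new(key, b"".join(parts), hashlib.sha256).digest()

def _keystream(key, iv, length):
    # Constructed HMAC-counter keystream standing in for a real mechanism's cipher.
    blocks = (_mac(key, iv, i.to_bytes(4, "big")) for i in range(length // 32 + 1))
    return b"".join(blocks)[:length]

def _xor(data, stream):
    return bytes(a ^ b for a, b in zip(data, stream))

class EstablishedContext:
    """Message protection on an established context over a constructed session key."""
    def __init__(self, key):
        self.key = key

    def protect_message(self, message, qop):
        """Returns (text_buffer, out_token) following the convention described above."""
        if qop == SecQOPIntegrity:
            # Message travels in the clear in text_buffer; out_token is only a MIC.
            return message, _mac(self.key, b"MIC", message)
        iv = os.urandom(16)
        body = _xor(message, _keystream(self.key, iv, len(message)))
        # Empty text_buffer: SECIOP sends a single WRAP token carrying the message.
        return b"", iv + body + _mac(self.key, b"WRAP", iv, body)

    def reclaim_message(self, text_buffer, token):
        """Returns (qop, message); the contents of text_buffer decide how token is read."""
        if text_buffer:                       # MIC over a separately sent message
            if not hmac.compare_digest(token, _mac(self.key, b"MIC", text_buffer)):
                raise ValueError("MIC verification failed")
            return SecQOPIntegrity, text_buffer
        iv, body, tag = token[:16], token[16:-32], token[-32:]   # WRAP token layout
        if not hmac.compare_digest(tag, _mac(self.key, b"WRAP", iv, body)):
            raise ValueError("WRAP token verification failed")
        return SecQOPConfidentiality, _xor(body, _keystream(self.key, iv, len(body)))

def seciop_frame_kind(text_buffer):
    """What SECIOP puts on the wire for a protect_message result."""
    return "MIC + separate message" if text_buffer else "WRAP"
```

A tampered text_buffer fails the MIC check on reclaim, which is the property the separate-MIC framing relies on.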

refresh_security_context
boolean refresh_security_context(in Security::OpaqueBuffer refresh_data,
                                 out Security::OpaqueBuffer out_token);

Generated by the ORBacus IDL-to-HTML translator (non-commercial)